HAI Token Plummets 98% After Breach Caused by Human Error

The cybersecurity-focused team behind Hacken has reported a leak of a private key due to «human error.» This incident resulted in the unauthorized issuance of nearly 900 million HAI tokens, causing the token’s price to plummet by 98%.

According to their statement, the compromised key belonged to an account with minting privileges on the Ethereum and BNB Chain networks. The attacker managed to mint around 900 million HAI tokens, effectively doubling the supply, and sold them on various decentralized exchanges. The estimated damage amounted to approximately $250,000.

Following the incident, the token’s price dropped by 97%. As indicated by CoinGecko, HAI’s market capitalization fell from $12.7 million to $7.2 million, though it had partially rebounded to $8 million at the time of writing.

Dmitry Budorin, co-founder and CEO of Hacken, has taken responsibility for the incident, admitting that five years ago, he failed to implement a multi-signature bridge infrastructure, despite being aware of the associated risks.

The team has suspended permissions for the compromised account; fortunately, the wallet from which the contract was deployed remained unscathed. No additional leaks were identified.

Hacken plans to release a breach report upon completing its investigation and has also announced a potential token swap for HAI holders, describing it as a «significant merger of HAI with Hacken’s equity valued at over $100 million.»

Web3 researcher Vladimir Menaskop analyzed the situation and pointed out several «concerning aspects» regarding the project’s communication and actions.

He noted that Hacken’s claim that «the core infrastructure has always been separate from the HAI infrastructure and remains secure» seems absurd. Menaskop drew an ironic parallel to a scenario where a person loses their head but insists they feel fine because the head «had lived separately.» This highlights that compromising a key component of the project linked to its tokenomics «cannot be considered a minor issue.»

The only positive takeaway for Menaskop was that Hacken’s team quickly revoked access from the compromised account and regained control over the emission. However, the team’s stated reason for the breach, «architectural changes» in an outdated bridge, essentially acknowledges a vulnerability in their security update process.

The researcher expressed more confusion over the team’s response than the attack itself. Instead of outlining a concrete plan to enhance security measures, Hacken prioritized announcing the accelerated transition of HAI to a security token status. Menaskop described this move as «fantastical,» suggesting that a cybersecurity firm that lost its private key due to a basic error should focus on fixing technical vulnerabilities rather than changing the token’s legal status.

He contrasted Hacken’s approach with a recent incident involving Meta Pool, which successfully deflected a $27 million attack, suffering only a $133,000 loss—largely due to an effective early warning system. Menaskop believes that such a system should have been a priority for Hacken.

For context, on May 8, funds amounting to $11.5 million were withdrawn from the hot wallet of Taiwanese exchange BitoPro, and on June 2, the modular blockchain Nervos Network suffered a $3 million attack.

Subsequently, hackers breached the Iranian exchange Nobitex for $100 million and disclosed the platform’s source code.