HAI Token Plummets 98% Following Hack Due to ‘Human Error’

The cybersecurity-focused project Hacken has reported a private key leak due to ‘human error’. The incident led to the unauthorized issuance of nearly 900 million HAI tokens, causing its price to plummet by 98%.

A private key of an account with a minter role (ETH & BNB) was compromised, leading to unauthorized HAI minting and a dump on BSC DEXs.

One big misconception: the deployer wallet was NOT compromised. That’s exactly what let us revoke the compromised minters from the $HAI…

— Hacken?? (@hackenclub) June 21, 2025

According to the statement, a private key for an account with a minter role in the Ethereum and BNB Chain networks was compromised. The perpetrator issued about 900 million HAI, nearly doubling the supply, and sold them on decentralized exchanges. The damage amounted to approximately $250,000.

In the wake of the incident, the asset’s price dropped by 97%. According to CoinGecko, HAI’s market capitalization fell from $12.7 million to $7.2 million. At the time of writing, the figure had adjusted to $8 million.

Co-founder and CEO of Hacken, Dmitry Budorin, took responsibility for the incident.

1. Responsibility is on me. I didn’t implement multisig bridge ifra 5 years ago. I understood the risk, but delayed bridge restructuring due to not unimportant reasons
2. This incident has nothing to do with the main business. Our experts are the best in the field
3. The most…

— Dyma Budorin ?? (@buda_kyiv) June 22, 2025

He admitted that five years ago he did not implement a multisig bridge infrastructure, despite understanding the risks.

The team revoked permissions from the compromised account—the wallet from which the contract was deployed was not affected. No other leaks were found.

Hacken will publish a report on the hack after the investigation is completed. The project also announced a possible token swap for HAI holders. This will be a ‘major merger of HAI with Hacken’s equity valued at over $100 million’.

Expert Opinion

Web3 researcher Vladimir Menaskop analyzed the situation and pointed out several ‘alarming moments’ in the project’s team’s communication and actions.

According to him, Hacken’s statement that ‘the main infrastructure has always been separated from the HAI infrastructure and remains secure’ sounds absurd.

Menaskop ironically compared this to a situation where a victim has been decapitated but ‘feels fine’ because their head ‘lived separately’. This highlights that compromising a key part of the project related to its tokenomics ‘cannot be considered a minor issue’.

The only positive aspect Menaskop noted was that the Hacken team promptly revoked the compromised account from the token contract and regained control over issuance. However, the reason for the leak cited by the team—’architectural changes’ to an outdated bridge—essentially acknowledges a vulnerability in the process of planned security updates.

The researcher’s greatest bewilderment was not the attack itself, but the team’s subsequent reaction. Instead of presenting a concrete plan to enhance security measures, Hacken first announced an accelerated transition of HAI to security token status. Menaskop called this move ‘phantasmagoric’: a company working in cybersecurity that lost a private key due to a basic error responds by proposing to change the legal status of the token rather than addressing technical vulnerabilities.

He contrasts Hacken’s actions with a recent incident with Meta Pool, which managed to fend off a $27 million attack, losing only about $133,000—largely thanks to an effective early warning system. According to the researcher, such a system should have been a priority for Hacken.

Back in May 8, funds worth $11.5 million were withdrawn from the hot wallet of Taiwan’s BitoPro, and on June 2, the modular blockchain Nervos Network suffered a $3 million attack.

Later, hackers breached the Iranian exchange Nobitex for $100 million and exposed the platform’s source code.