Blockchain Security Auditor Hacken Hacked: $HAI Tanks 99% After Private Key Leak

On June 21, 2025, a private key leak triggered a catastrophic $5 million crash in the value of Hacken’s native $HAI token, plummeting its market capitalization from $12.7 million to $7.2 million. The breach allowed an attacker to mint 900 million $HAI tokens, dumping them on decentralized exchanges and causing the price to drop from $0.015 to as low as $0.000056 — a staggering 99% decline.

CEO Dyma Budorin admitted the incident stemmed from a “human error” five years ago, specifically the failure to implement a multisig bridge, stating, “We killed all the bridges. $HAI on VeChain is the only token… this accident pushed us to an action”.

In response, Hacken swiftly revoked the compromised minter account’s access and paused bridge transactions across Ethereum and the BNB Chain to prevent further losses. The attacker reportedly profited around $250,000, exploiting the vulnerability exposed during architectural changes to the blockchain bridge.

Despite the chaos, Hacken’s core infrastructure remained secure, and the company is now planning a token swap and a merger with its equity shareholders, valued at over $100 million, to restore confidence among holders.

A Year of Cross-Chain Chaos: Similar Incidents in 2025

This incident is not an isolated event in the cryptocurrency world. Earlier this year, a series of cross-chain bridge exploits highlighted the sector’s vulnerability.

In January 2025, a breach resulted in $400 million in losses due to a smart contract flaw, marking one of the largest single incidents. March saw another attack, with $150 million stolen from a decentralized finance protocol after a private key compromise.

By May, a total of $2 billion had been lost across 13 separate bridge hacks, with North Korean-linked hackers accounting for approximately $1 billion of that sum, targeting bridges as prime attack vectors.

These recurring incidents underscore the unresolved technical challenges in bridge design, where varying models continue to present novel attack surfaces for malicious actors. Hacken’s Q1 report had already flagged human error as a primary threat, a warning that proved prescient with the recent $HAI crash.

Rebuilding Trust: Response and Future Steps

As investigations continue, Hacken has promised a detailed post-mortem analysis and assured the community that further details will follow.

The company’s decision to halt cross-chain bridge contracts, including $BSC-$VET and $ETH-$VET, served as a precautionary measure to block additional unauthorized actions. Budorin emphasized that the single-chain architecture prevented even greater losses, noting, “It was handled well and fast”.

Despite these efforts, the event has ignited controversy, with some community members branding Hacken a “joke team” due to its role as a security and audit institution, ironically compromised by a breach of its own $HAI token. Concerns have also surfaced regarding the status of tokens on exchanges such as MEXC and KuCoin, prompting urgent calls for updated guidance.

This incident serves as a stark reminder of the risks in the Web3 ecosystem, pushing the industry toward stronger security protocols and multi-signature implementations to safeguard against future breaches.