Hacken cites 'human error' after private key leak triggers $5 million crash in $HAI value

Ukrainian cybersecurity firm Hacken said "human error" was to blame for a private key leak that led to near-unlimited minting of its native $HAI token, crashing its value by around 98%. 

"A private key of an account with a minter role (ETH & BNB) was compromised, leading to unauthorized HAI minting and a dump on BSC DEXs," Hacken wrote on X Saturday . Hacken said the attacker got away with around $250,000, but the minting of roughly 900 million $HAI tokens on Ethereum and BNB, nearly doubling its supply, led the token to drop catastrophically in price.

The token crashed by as much as 97% before recovering somewhat on Sunday. $HAI's market capitalization dropped from around $12.7 million before the incident to around $7.2 million as of Sunday evening, according to CoinGecko data . 

Hacken said there was no evidence of additional compromised accounts, and the team plans to publish a post-mortem after investigating the incident. 

"Responsibility is on me," wrote Hacken's co-founder and CEO Dyma Budorin on X.  "I didn't implement multisig bridge [infrastructure] 5 years ago. I understood the risk, but delayed bridge restructuring due to not unimportant reasons." 

Since the deployer wallet was not compromised, the Hacken team was able to revoke control from the compromised minter accounts. Hacken teased a token swap in the future that may compensate $HAI holders, calling it "a big merge between $HAI and Hacken equity shareholders, valued at over $100M" on X . Hacken did not immediately respond to a request for comment from The Block. 

Hacken's own Q1 Web3 security report from April noted that access control exploits form the top current threat to the Web3 ecosystem, noting $1.6B in losses in Q1 alone. "While smart contract vulnerabilities remain a threat, most damage is now caused by failures in people, processes, or permission systems," the report states.