- Kinto’s $Okay token plunged 99% after the Arbitrum mint contract exploit.
- Hacker minted 7M tokens and drained USDC through the Morpho lending platform.
- Kinto says person funds are secure and a full investigation is underway.
Kinto Community has suffered a extreme blow after a sensible contract exploit linked to its Arbitrum deployment, resulting in the collapse of the Okay token’s worth.
Inside simply 24 hours, the value of the $Okay token plummeted by over 99%, stunning traders and triggering a wave of uncertainty throughout the decentralised finance (DeFi) area.
The breach, which originated from a minting contract on Arbitrum and never the Kinto mainnet itself, enabled the unauthorised creation of thousands and thousands of tokens, finally undermining belief within the undertaking’s token financial system.
The exploit originated off the Kinto Community
Kinto confirmed that the exploit occurred off-network, particularly on the Arbitrum model of the Okay token’s mint contract, which had not been adequately secured in opposition to unauthorised minting.
Though the principle Kinto community, wallets, and bridge vaults remained unaffected, the attacker managed to mint almost 7 million Okay tokens—greater than thrice the beforehand circulating provide of fewer than 2 million tokens.
In response to early on-chain evaluation, the malicious actor didn’t instantly dump the tokens on public exchanges however as a substitute started to slowly manipulate the market to maximise the token’s obvious worth.
This stealthy strategy allowed the attacker to make use of the inflated token worth as leverage on Morpho, a DeFi lending platform, the place they deposited the newly minted tokens as collateral.
Shortly after, the hacker borrowed massive sums of USDC and subsequently withdrew the funds, leaving the protocol and the broader market uncovered to important losses.
Morpho Protocol has been left holding nugatory tokens
One of the important aftershocks of the exploit is the collateral injury inflicted on Morpho, the protocol the place the attacker deposited the inflated $Okay tokens.
With the token’s worth now decimated, Morpho is left holding tokens which might be primarily nugatory, elevating issues about how the platform will handle the unhealthy debt and mitigate the monetary hit.
This occasion underscores the systemic dangers related to DeFi platforms that rely closely on collateralized property whose worth will be manipulated.
Though Kinto has not disclosed how a lot USDC was drained from Morpho, restoration efforts are reportedly ongoing.
The fast Okay worth decline has sparked panic
In only one hour after the exploit on Thursday, the Okay token’s worth collapsed by 45%, sparking a fast selloff that worn out greater than 99% of its worth in complete by Friday.
The token, which had reached an all-time excessive of $11.89 in late March 2025, hit a brand new all-time low of $0.4854 in line with CoinMarketCap information.
On the time of writing, the token is buying and selling at $0.7053, down over 99.15% from its peak simply three months in the past, with a market cap of roughly $1.29 million.
Buying and selling quantity had surged to over $2.72 million in 24 hours as traders rushed to exit positions, additional exacerbating the collapse.
Kinto has engaged third events to research the exploit
Following the exploit, Kinto shortly issued a public assertion, assuring customers that their mainnet funds and bridge vaults weren’t affected.
Nonetheless, the corporate acknowledged the seriousness of the incident and has since introduced in third-party safety specialists, together with Hypernative, Seal 911, Venn, and Zeroshadow, to research the exploit and help with restoration efforts.
Kinto neighborhood. We’re trying into the state of affairs ourselves and with third events (Hypernative, Seal 911) – as quickly as we’ve a transparent image of what has occurred we are going to make an announcement.
— Kinto (@KintoXYZ) July 10, 2025
Kinto has pledged full transparency and is predicted to launch a complete report as soon as the investigation concludes.
Regardless of the reassurance, market confidence stays shaken, with customers on social media criticising the undertaking’s contract design and the obvious lack of rigorous safety audits.
Some neighborhood members expressed frustration with what they view as a sample of poorly vetted DeFi initiatives harming retail traders.
Whereas Kinto has said that no insiders offered tokens through the crash and that token unlocks stay scheduled for April 2026, hypothesis continues to swirl round whether or not the exploit may have been prevented.
The undertaking’s future now hinges on how successfully it may well regain belief, patch safety vulnerabilities, and recuperate misplaced worth.
Till then, the $Okay token will possible stay unstable, as merchants weigh the dangers of staying in a undertaking shaken to its core by a devastating exploit.
