TL;DR:
- An attacker exploited Hyperbridge’s contract and minted 1 billion bridged DOT tokens on Ethereum, obtaining approximately $237,000.
- Security firm CertiK explained that the attacker forged a message to seize administrative control of the token contract on Ethereum before selling the funds.
- South Korean exchanges Upbit and Bithumb temporarily suspended DOT deposits and withdrawals after detecting signs of a security incident.
Hyperbridge, a cross-chain interoperability protocol built on Polkadot, suffered an exploit. An attacker took advantage of a vulnerability in its gateway contract to mint 1 billion bridged DOT tokens on Ethereum and convert them into approximately $237,000.
According to the analysis published by cybersecurity firm CertiK, the attacker managed to introduce a forged message that allowed them to seize administrative control of the DOT token contract on Ethereum. Once that access was obtained, the tokens were minted in a single transaction and immediately sold, causing the price of the bridged DOT to collapse from $1.22 to fractions of a cent. The limited liquidity available in the bridged DOT pool was what capped the attacker’s gains at 108.2 ETH, equivalent to the $237,000 obtained.
Blockchain analytics firm Blocksec Falcon pointed to a replay vulnerability in Merkle Mountain Range (MMR) proofs as the likely root cause, originating from the absence of binding between the proof and its corresponding request, although the protocol has not yet officially confirmed that hypothesis. Meanwhile, a project contributor identified as Web3 Philosopher indicated that the initial diagnosis pointed to a malicious proof that managed to deceive the protocol’s Merkle tree verifier.
A Severe Blow to Hyperbridge’s Reputation
The incident is particularly significant because Hyperbridge positioned itself as a proof-based interoperability layer, designed specifically to offer “full node security” for cross-chain bridges. The attack severely questioned that promise and adds a new episode to a series of vulnerabilities affecting bridge infrastructure.
Polkadot clarified in a statement on X that the exploit affects exclusively the DOT bridged to Ethereum through Hyperbridge and has no impact on the native token or the Polkadot ecosystem at large. Nevertheless, the price of native DOT fell nearly 4%, to $1.18, before recovering slightly. South Korean exchanges Upbit and Bithumb temporarily suspended deposits and withdrawals of the asset as a precautionary measure.
Hyperbridge paused its operations while the team works on an update. Just days earlier, protocol Aethir contained an exploit with losses below $90,000. Global losses from exploits in the DeFi ecosystem during the first quarter of 2026 reached $168 million, a considerable drop compared to the $1.58 billion recorded in the same period of 2025.
