
A hacker exploited Hyperbridge. The Polkadot-based cross-chain protocol got hit hard. The attacker minted 1 billion bridged DOT tokens on Ethereum. Then drained roughly $237,000 in crypto.
The hack used a forged message. It bypassed the protocol’s verification system. That’s according to blockchain security firm CertiK. Hyperbridge paused operations immediately. Security upgrades are underway.
CertiK identified the exploit method. A forged message altered the admin of the DOT token contract on Ethereum. The attacker minted the massive token quantity in a single transaction.
Here’s the kicker. The hacker created 1 billion tokens. But could only cash out 108.2 ETH. That’s roughly $237,000. Limited liquidity in the bridged DOT pool stopped them cold.
“A malicious proof bypassed the Merkle tree verifier,” a Hyperbridge contributor said. Major security failure. This came from a protocol marketed for its “full node security” approach to cross-chain transfers.
BlockSec Falcon weighed in. They suggested a Merkle Mountain Range proof replay issue. Likely stemmed from missing proof-to-request binding. Hyperbridge hasn’t officially confirmed the exact technical flaw. The protocol’s halted operations. Upgrades are being implemented now.
Polkadot moved fast to reassure users. The exploit only affected tokens bridged through Hyperbridge. “Native DOT and the broader Polkadot ecosystem were not affected,” according to a Polkadot official statement. The native blockchain’s security remained intact. Only the wrapped representation on Ethereum got compromised.
Market reaction? Muted. DOT’s price briefly dipped near $1.16. Then recovered. Limited panic among investors. They recognized the isolated nature of the exploit.
The Hyperbridge incident joins a recent string of bridge vulnerabilities. Aethir disclosed a separate bridge exploit. Losses contained under $90,000. SubQuery Network suffered a $130,000 exploit. Missing access control let an attacker redirect staking rewards.
These recurring attacks expose persistent structural weaknesses. Cross-chain infrastructure remains vulnerable. Even protocols claiming advanced security features aren’t safe. Bridge exploits remain a critical risk area.
There’s some good news. Overall DeFi exploit losses dropped sharply. From $1.58 billion in Q1 2024 to $168 million in the same period this year. That’s according to the research.
But the incidents underscore ongoing problems. Proof systems still have issues. Smart contract design remains flawed. Access control mechanisms continue to present attack surfaces. Developers must address these weaknesses. Cross-chain activity’s growing across the blockchain ecosystem. The infrastructure needs to catch up.
