A vulnerability in blockchain token bridge Hyperbridge allowed a hacker to mint approximately 1 billion bridged Polkadot (DOT) tokens on Ethereum, valued above $1.1 billion. The attacker then sold the tokens, but due to low liquidity on decentralized exchanges, the realized loss was only around $237,000. The exploit was confined to bridged DOT on Ethereum, while native DOT on Polkadot and other assets remain unaffected.
A technical exploit of blockchain token bridge Hyperbridge led to the artificial creation of 1 billion Polkadot (DOT) tokens valued above $1.1 billion, but only resulted in around $237,000 in losses due to limited liquidity, the firm reported. The exploit stemmed from a vulnerability in its proof verification logic, which incorrectly accepted invalid proofs.
“This flaw allowed invalid proofs to be incorrectly accepted as valid,” Hyperbridge stated. The attacker gained administrative control of the bridged DOT token contract on Ethereum and minted tokens exceeding the actual bridged supply by about 2,800 times.
The total native DOT supply is 1.6 billion tokens. The protocol confirmed the incident was isolated to bridged DOT on Ethereum, meaning native DOT on the Polkadot relay chain and other assets across Hyperbridge remain secure.
After minting the tokens, the attacker sold them directly on decentralized exchanges, acquiring approximately $237,000 from available trading liquidity. DOT currently trades around $1.17, down 4.6% in the last 24 hours and nearly 98% off its all-time high of $54.98.
The protocol’s app is down for maintenance as it adds “additional safeguards” and works with security partners to recover funds. Bridge protocols have been central to multiple exploits, including the $552 million attack on Ronin Network‘s bridge in 2022.
The exploit adds to concerns about DeFi protocol security, following the recent loss of more than $285 million from Solana‘s Drift Protocol on April 1 to a North Korean-linked hacker.
