A hacker exploited Hyperbridge, a Polkadot-based cross-chain interoperability protocol, minting 1 billion bridged DOT tokens on Ethereum and extracting roughly $237,000, renewing concerns about bridge security.
Blockchain data shared by CertiK shows the attacker created the tokens in a single transaction by submitting a forged message that changed the admin of the Polkadot token contract on Ethereum. The exploit only affected DOT tokens bridged through Hyperbridge on Ethereum; native DOT and the broader Polkadot network were not impacted, Polkadot said.
Limited liquidity in the bridged DOT pool capped the attacker’s take at 108.2 ETH (about $237,000). Hyperbridge paused operations after the incident while developers prepared an upgrade. Early analysis from contributors and security firms suggests the attacker bypassed the protocol’s Merkle tree verifier using a malicious proof. Blocksec Falcon indicated the likely root cause was an MMR (Merkle Mountain Range) proof replay vulnerability stemming from missing proof-to-request binding, though Hyperbridge has not yet confirmed a final cause.
DOT’s native price briefly fell to a daily low of $1.16 before recovering above $1.19, according to CoinGecko.
The Hyperbridge incident follows other recent bridge-related issues: Aethir disclosed it contained an exploit last week, limiting user losses to under $90,000. Separately, the data indexing service SubQuery Network was exploited for about $130,000 after missing access-control data in legacy code allowed an attacker to set their own contract as the withdrawal target for staking rewards, security auditor Pashov reported.
Despite a year-over-year decline in DeFi exploit losses, incidents persist. Hackers stole over $168 million from 34 DeFi protocols in Q1 2026, down from $1.58 billion in Q1 2025. Cointelegraph contacted Hyperbridge for comment on the root cause of the exploit.
