A hacker minted 1 billion bridged DOT tokens on Ethereum via Hyperbridge, a Polkadot-based cross-chain protocol, and withdrew about $237,000, renewing concerns over bridge security. Blockchain-analysis firm CertiK reported the attacker created the tokens in a single transaction by submitting a forged message that altered the admin on the Polkadot token contract deployed on Ethereum. Polkadot said native DOT and the broader Polkadot network were not affected; only DOT bridged through Hyperbridge on Ethereum was impacted.
Limited liquidity in the bridged DOT pool constrained the attacker’s proceeds to roughly 108.2 ETH (about $237,000). Hyperbridge paused operations after the incident while developers prepared an upgrade. Early investigator reports and security firms indicate the exploit likely involved bypassing the protocol’s Merkle-tree verification with a malicious proof. Blocksec Falcon flagged a probable MMR (Merkle Mountain Range) proof replay vulnerability caused by missing proof-to-request binding, though Hyperbridge has not yet confirmed the final root cause.
DOT’s market price briefly dipped to a daily low of $1.16 before recovering above $1.19, per CoinGecko.
The incident follows other recent bridge and infrastructure issues: Aethir reported containing an exploit last week that limited losses to under $90,000, and SubQuery Network was exploited for about $130,000 after legacy code lacked access-control checks, allowing an attacker to redirect staking reward withdrawals, security auditor Pashov found.
While total DeFi exploit losses have fallen year over year, incidents continue. Hackers stole more than $168 million from 34 DeFi protocols in Q1 2026, down from $1.58 billion in Q1 2025. Cointelegraph contacted Hyperbridge seeking comment on the investigation and the precise vulnerability cause.