Articles
Ethereum

Hyperbridge attacker mints 1B bridged Polkadot tokens in $237K exploit

User Image

Por Anónimo

Creado April 13, 2026|2 minutos de lectura
Main Image

A Hyperbridge exploit let an attacker mint 1 billion bridged Polkadot tokens on Ethereum and cash out about $237,000, reviving debate over bridge security.

A hacker exploited the Polkadot-based cross-chain interoperability protocol Hyperbridge, netting about $237,000 and raising renewed security concerns about blockchain bridge infrastructure.

An attacker minted 1 billion bridged Polkadot (DOT) tokens in a single transaction on Hyperbridge, according to blockchain data shared by cybersecurity platform CertiK. The exploit only affected DOT on Ethereum that was bridged through Hyperbridge, while native DOT tokens and the wider Polkadot ecosystem remain unaffected, Polkadot noted in a Monday X post.

CertiK said the attacker managed to mint the tokens after “slipping through a forged message to change the admin of the Polkadot token contract on Ethereum.” Limited liquidity in the bridged DOT pool capped the proceeds at 108.2 Ether (ETH), worth around $237,000.

Hyperbridge paused operations after the attack while the team worked on an upgrade, with contributor Web3 Philosopher saying the initial diagnosis pointed to a malicious proof that fooled the protocol’s Merkle tree verifier.

The exploit is notable because Hyperbridge has marketed itself as a proof-based interoperability layer built to deliver “full node security” for crosschain bridges. The incident also follows Aethir’s disclosure last week that it had contained a separate bridge exploit and kept user losses below $90,000.

Cybersecurity research company Blocksec Falcon said the likely root cause of the exploit was a Merkle Mountain Range (MMR) proof replay vulnerability caused by missing proof-to-request binding, though the final root cause has not yet been confirmed by the protocol.

The native DOT token briefly dipped to a daily low of $1.16 on Monday, before recovering to trade above $1.19 at the time of writing, according to CoinGecko.

Security incidents continue to hit crypto protocols despite a sharp year-over-year drop in DeFi exploit losses.

Related: New AI cybercrime tool targets crypto, bank KYC systems via deepfakes

On Sunday, the data indexing protocol SubQuery Network was also exploited for around $130,000 due to missing access control data that exposed the code written over two years ago.

The vulnerability enabled the attacker to set their own contract as the withdrawal target for staking rewards, blockchain security auditor Pashov said in a Sunday X post.

Hackers stole over $168 million from 34 decentralized finance (DeFi) protocols in the first quarter of 2026, marking a significant decline from the $1.58 billion stolen in the first quarter of 2025, when the record $1.4 billion Bybit hack occurred.

Cointelegraph has contacted Hyperbridge for comment on the root cause of the exploit.

Magazine: Meet the onchain crypto detectives fighting crime better than the cops

Source: CoinTelegraph


Otros artículos publicados recientemente

Barstool's Portnoy plans to hold bitcoin down to zero after timing it wrong every time
Barstool's Portnoy plans to hold bitcoin down to zero after timing it wrong every time

Bitcoin

Barstool Sports founder Dave Portnoy said he will hold bitcoin all the way down to zero after buying...

Binance outflows triple to $1.2B as ETH withdrawals hit 3-year high
Binance outflows triple to $1.2B as ETH withdrawals hit 3-year high

Ethereum

Binance recorded $1.23 billion in weekly net outflows, up 207% from the previous week, as Ethereum w...

South Africa proposes crypto tax rules under existing tax framework
South Africa proposes crypto tax rules under existing tax framework

Crypto Market Analysis

South Africa’s tax authority proposed draft guidance clarifying how crypto assets are taxed under ...

Moonbeam to pivot from Polkadot to Base, unveils AI agent framework
Moonbeam to pivot from Polkadot to Base, unveils AI agent framework

Base

Moonbeam didn’t provide a timeline for when it would launch the AI agent platform but told GLMR ho...

Vitalik Buterin shares top priorities for new 'Lean Ethereum' strawmap
Vitalik Buterin shares top priorities for new 'Lean Ethereum' strawmap

Ethereum

Part of the Ethereum Foundation’s plan to make Ethereum more private and scalable is to introduce ...

How ethical hackers with just a $3,000 server found a flaw that could've put $70 billion in crypto at risk
How ethical hackers with just a $3,000 server found a flaw that could've put $70 billion in crypto at risk

Blockchain

A critical flaw in the Aptos blockchain, which was patched, gave researchers a near-90% success rate...