Hackers exploited a security vulnerability in the Hyperbridge gateway contract to mint 1 billion unauthorized bridged DOT tokens on Ethereum, according to data from blockchain security firm CertiK. The incident resulted in approximately $237,000 in illicit profits for the attackers.
Hyperbridge, a cross-chain interoperability protocol built on the Polkadot network, suffered a breach that allowed attackers to forge messages and seize administrative control of the token contract on the Ethereum blockchain. Once they gained control, the attackers minted the massive supply of tokens and offloaded them, causing the price of bridged DOT to collapse from $1.22 to near-zero values.
Blockchain analysis provider Onchain Lens reported that the attackers moved to seize control of the contract shortly before executing the minting and dumping process.
Security response and market impact
Polkadot officials confirmed in a post on X that the exploit is isolated to the Hyperbridge-bridged DOT on Ethereum. The native Polkadot ecosystem and tokens bridged through other protocols remain unaffected. The Hyperbridge protocol has been suspended while developers conduct a forensic investigation into the gateway breach.
Despite the isolation of the exploit, the price of native DOT dropped roughly 4% to $1.18 in the immediate aftermath of the news.
Major South Korean cryptocurrency exchanges Upbit and Bithumb moved quickly to protect users, issuing notices that they have temporarily suspended deposits and withdrawals of DOT. Both exchanges cited the ongoing security incident as the primary reason for the service halt.
This incident highlights the persistent risks associated with cross-chain bridges, which have become prime targets for attackers looking to exploit gaps in smart contract administrative logic. The Block has reached out to Hyperbridge for further comment on the recovery process.