Hacker creates 1B bridged Polkadot tokens on Hyperbridge, extracts $237K in security breach
An exploit on Hyperbridge enabled a malicious actor to create 1 billion bridged Polkadot tokens on the Ethereum network and withdraw approximately $237,000, sparking fresh discussions about cross-chain bridge vulnerabilities.
A malicious actor successfully exploited Hyperbridge, a cross-chain interoperability protocol built on Polkadot, extracting approximately $237,000 in value and reigniting conversations around the security of blockchain bridge technology.
The malicious party managed to create 1 billion bridged Polkadot (DOT) tokens through a single transaction executed on Hyperbridge, as indicated by blockchain transaction records shared by cybersecurity firm CertiK.
According to CertiK's analysis, the hacker successfully minted these tokens by "slipping through a forged message to change the admin of Polkadot token contract on Ethereum." The attacker's potential gains were significantly limited, however, due to shallow liquidity available in Ethereum's bridged DOT pool, which couldn't absorb the massive influx of 1 billion bridged DOT tokens. This liquidity constraint reduced the attacker's actual proceeds to merely 108.2 Ether (ETH), valued at approximately $237,000 following the token exchange.
According to cybersecurity analysis firm Blocksec Falcon, the exploit's probable underlying cause was a Merkle Mountain Range (MMR) proof replay vulnerability stemming from absent proof-to-request binding mechanisms, although the protocol team has yet to officially verify the definitive root cause.
Following the security breach, Hyperbridge temporarily suspended its operations as the development team initiated work on a system upgrade, with contributor Web3 Philosopher indicating that preliminary analysis suggested a malicious proof successfully deceived the protocol's Merkle tree verification mechanism. Cross-chain blockchain bridges enable users to transfer tokens and information across different blockchain networks.
This security breach is particularly significant given that Hyperbridge has positioned itself in the market as a proof-based interoperability solution engineered to provide "full node security" for cross-chain bridge operations. This incident also comes on the heels of Aethir's announcement last week regarding its successful containment of a different bridge exploit, limiting user damages to under $90,000.
Cointelegraph has reached out to Hyperbridge seeking official comment regarding the exploit's root cause.
The security breach exclusively impacted DOT tokens on the Ethereum network that had been bridged via Hyperbridge, while native DOT tokens along with the broader Polkadot ecosystem infrastructure remained completely unaffected, as Polkadot clarified in a statement posted on X on Monday.
The native DOT token experienced a temporary decline to a daily minimum of $1.16 on Monday, subsequently rebounding to exchange hands above $1.19 at the time of publication, based on data from CoinGecko.
Hackers exploit SubQuery network for $130,000
Crypto protocols continue to experience security breaches notwithstanding a dramatic year-over-year reduction in decentralized finance exploit damages.
This past Sunday, SubQuery Network, a data indexing protocol, fell victim to an exploit resulting in losses of approximately $130,000 attributed to insufficient access control mechanisms in code that had been written more than two years prior.
The security flaw allowed the malicious actor to designate his own smart contract as the recipient address for staking reward withdrawals, according to blockchain security auditor Pashov in a statement shared on X on Sunday.
Malicious actors successfully stole more than $168 million from 34 different decentralized finance (DeFi) protocols throughout the first quarter of 2026, representing a substantial decrease compared to the $1.58 billion stolen during the first quarter of 2025, when the unprecedented $1.4 billion Bybit security breach took place.