Hyperbridge Exploit Leads to $237,000 Loss via Bridged Polkadot Tokens

The cross-chain interoperability protocol Hyperbridge has suffered a security breach, enabling an attacker to mint 1 billion bridged Polkadot (DOT) tokens on the Ethereum network. The attacker successfully cashed out approximately 108.2 Ether, valued at roughly $237,000, before the protocol paused operations to implement security upgrades. According to data from cybersecurity firm CertiK, the attacker bypassed security by using a forged message to alter the administrator of the Polkadot token contract on Ethereum. Preliminary analysis by Blocksec Falcon suggests the root cause was a Merkle Mountain Range (MMR) proof replay vulnerability, specifically a lack of proof-to-request binding. While the volume of minted tokens was massive, the actual financial damage was capped by limited liquidity in the bridged DOT pool. Polkadot clarified that the exploit was isolated to bridged assets on Ethereum, confirming that native DOT tokens and the broader Polkadot ecosystem remained secure. The native DOT token experienced a brief price dip to $1.16 following the news but quickly recovered to trade above $1.19. This incident occurs amidst a broader trend of DeFi security challenges, though overall losses in the first quarter of 2026 ($168 million) represent a significant decrease compared to the $1.58 billion lost during the same period in 2025.