Hyperbridge Exploit Leads to $237,000 Loss via Bridged Polkadot Minting

The cross-chain interoperability protocol Hyperbridge has suffered a security breach, resulting in the unauthorized minting of 1 billion bridged Polkadot (DOT) tokens on the Ethereum network. The attacker successfully extracted approximately 108.2 Ether, valued at roughly $237,000. According to reports from cybersecurity firm CertiK, the attacker utilized a forged message to alter the administrator of the Polkadot token contract on Ethereum. Blocksec Falcon suggests the root cause may be a Merkle Mountain Range (MMR) proof replay vulnerability stemming from a lack of proof-to-request binding, though this remains to be officially confirmed by the protocol. The impact was strictly limited to DOT tokens bridged via Hyperbridge on Ethereum. Polkadot confirmed that native DOT tokens and the broader ecosystem remained unaffected. The limited liquidity within the bridged DOT pool prevented the attacker from realizing higher gains despite the massive number of tokens minted. Native DOT experienced a brief price dip to $1.16 on Monday before recovering to $1.19. Hyperbridge has since paused operations to implement a necessary upgrade. This incident follows other recent bridge vulnerabilities, including a separate exploit at Aethir and a $130,000 loss at SubQuery Network. While security incidents persist, overall DeFi exploit losses have declined significantly. In the first quarter of 2026, hackers stole $168 million across 34 protocols, a sharp decrease from the $1.58 billion lost during the same period in 2025.