A security breach hit Hyperbridge’s Token Gateway on April 13, 2026. Hackers stole about $237,000 worth of tokens on the Ethereum network. The cross-chain bridge paused all transfers right away to stop more damage.
Hyperbridge shared the news on X. They said an attacker found a flaw in their Ethereum contract. The hacker made a fake cross-chain message that passed checks. This let them take over the bridged DOT token admin role. Then they created 1 billion fake DOT tokens, over 2,800 times the normal supply of 356,000 tokens.
The thief sold all the fake tokens fast on a decentralized exchange. They got 108.2 ETH, worth around $237,000. Gas fees cost just $0.74.
Hyperbridge stressed this only hit bridged DOT on Ethereum, not Polkadot’s main chain or staking.
How the hack unfolded step by step
Security firm BitsLab broke it down. The attack used one smart contract transaction. Here’s what happened:
- The attacker sent a forged PostRequest message via Hyperbridge’s ISMP protocol.
- They added a real past MMR proof to trick the verification.
- This triggered the TokenGateway to change the DOT contract admin to hacker control.
- Hacker minted 1 billion DOT instantly.
- Sold everything through an Odos Router and Uniswap V4 pool.
Hyperbridge uses cryptographic proofs instead of multi-sig for security. They claimed trust-minimized bridges before. This flaw showed risks in Ethereum-side contracts.
Exchanges reacted fast. Upbit and Bithumb paused DOT deposits and withdrawals. They warned users after spotting the mint.
Team hunts funds, bridge stays offline
Hyperbridge works with security partners to track the stolen ETH. They added safeguards and review them now. Bridging stays paused until safe. Contact ops@polytope.technology for help.
Low liquidity limited damage. 1 billion DOT sounds huge, but the Ethereum bridged supply stayed small. Hacker got $237K max, not billions.
This shows bridge risks. Cross-chain tech grows fast, but exploits hit often. Polkadot ecosystem watches closely. Hyperbridge will update soon.
Leave a comment