How hackers minted 1 billion DOT tokens out of thin air: the Hyperbridge exploit breakdown

Key points:

• Polkadot confirmed that the Hyperbridge bridge issue only affected “wrapped” DOT tokens on Ethereum, not the native assets inside the Polkadot network or any connected projects.
• The attack resulted in approximately $237,000 in losses: the hacker minted 1 billion fake tokens — more than 2,800 times the actual circulating supply of the wrapped DOT.
• The Hyperbridge team has paused the bridge to investigate the vulnerability in the code, specifically a flaw in the Merkle Mountain Range data verification logic.

On April 13, 2026, Polkadot issued a statement following the discovery of a security issue in the contract connecting Ethereum to Hyperbridge. The team confirmed the attack was limited to wrapped DOT tokens on Ethereum. GetBlock AML Research breaks down the Hyperbridge hack.

Rhea Finance hack: DeFi platform loses over $7.6M

Part of the stolen USDT has already been frozen by Tether.

Читать дальше

What caused the Hyperbridge hack: code error

Hyperbridge explained that its system was designed to reduce risks by using mathematical proofs from the blockchain instead of relying on trusted parties. This means the core security concept itself was not broken.

According to the investigation, the root cause was a bug in the Solidity code responsible for verifying data. The flaw allowed the system to accept fake proofs as valid.

This vulnerability enabled the attacker to bypass security checks, gain control over the token contract, and mint 1 billion new tokens — more than 2,800 times the real supply of roughly 356,000 tokens.

Vulnerabilities that led to the hack

The newly minted tokens were quickly sent to decentralized exchanges and sold. Hyperbridge said it is working with security partners to track the funds and attempt recovery. The team also promised to share updates as the investigation progresses.

Operation Atlantic: 20,000 victims and $12m frozen in major crackdown on crypto fraud

Scammers have figured out how to drain crypto wallets without ever stealing your password. We break down the new tactic called approval phishing and just how big the threat has become.

Читать дальше

What happened to the DOT tokens and what risks remain

In its statement, Polkadot said: “We are aware of an issue affecting the Hyperbridge contract on Ethereum.” The team stressed that the problem is isolated to a specific part of the system and does not impact the broader Polkadot network.

They further clarified: “The attack only concerns DOT tokens on Ethereum that were bridged through Hyperbridge. It does not affect tokens within the Polkadot ecosystem or tokens bridged through other bridges.”

As a result, native DOT tokens inside the Polkadot network (including the relay chain and parachains) remain safe. As a precaution, all operations through the affected bridge were immediately paused.

Polkadot stated: “Hyperbridge has been paused pending further investigation.” This decision was made right after suspicious activity was detected.

Later, the Hyperbridge team published a detailed incident report, stating: “On April 13, 2026, a vulnerability in the Hyperbridge token bridging system was exploited, resulting in approximately $237,000 in losses on Ethereum.”

The platform also noted that many cross-chain bridging systems rely on trusted validators or special permissions, which introduce additional risks. Overall, such vulnerabilities have already caused over $2 billion in losses across the industry.