A significant security breach has been reported involving the Hyperbridge cross-chain gateway connecting the Polkadot and Ethereum networks. According to blockchain security firm CertiK, an attacker exploited a vulnerability in the gateway's smart contract on Ethereum.
The attacker forged a message to gain admin privileges over the bridged DOT token contract on Ethereum. With this control, they minted 1 billion unauthorized DOT tokens in a single action. On-chain tracker Lookonchain confirmed the entire minted supply was subsequently dumped in one transaction on decentralized markets, netting the attacker approximately 108.2 ETH, worth roughly $237,000 at the time of the exploit.
Importantly, the incident was contained to the bridged representation of DOT on Ethereum. Polkadot's native relay chain and the actual DOT token on the Polkadot network were not compromised. The relatively low financial damage, compared to other major bridge hacks, is attributed to the limited liquidity of the bridged token on Ethereum, which prevented the attacker from cashing out at a higher value.
As of the initial reports, neither the Polkadot team nor the Hyperbridge protocol had issued an official statement. The full technical post-mortem of the attack vector remains under investigation by security analysts. The event underscores the persistent security risks inherent in cross-chain bridge infrastructure, where flaws in message validation can lead to catastrophic fake minting events.
