A hacker exploited Hyperbridge, a Polkadot-based cross-chain interoperability protocol, minting 1 billion bridged DOT tokens in a single transaction on Ethereum and converting them into approximately $237,000. The exploit, confirmed by cybersecurity platform CertiK, only affected DOT that was bridged through Hyperbridge on Ethereum. Native DOT tokens and the broader Polkadot ecosystem were not impacted. Hyperbridge paused operations immediately after the attack while the team worked on an upgrade.
Forged Message Changed Token Contract Admin, Enabling Unlimited Minting
CertiKโs analysis showed the attacker gained control by slipping a forged message through the protocol that changed the admin of the Polkadot token contract on Ethereum. With admin access secured, the attacker minted 1 billion bridged DOT tokens and immediately began converting them. Limited liquidity in the bridged DOT pool capped the actual proceeds at 108.2 ETH, worth approximately $237,000 at the time of the attack.
Blockchain security firm Blocksec Falcon identified the likely root cause as a Merkle Mountain Range (MMR) proof replay vulnerability caused by missing proof-to-request binding. Hyperbridge contributor Web3 Philosopher said the initial diagnosis pointed to a malicious proof that successfully fooled the protocolโs Merkle tree verifier. The final root cause has not yet been officially confirmed by the Hyperbridge team.
The exploit carries particular weight because Hyperbridge has marketed itself as a proof-based interoperability layer designed to deliver โfull node securityโ for cross-chain bridges. The attack directly targeted the cryptographic verification layer the protocol presented as its core security guarantee.
Drift Protocol Lost $285M and It Had Nothing to Do With the Code
SubQuery Network Also Hit for $130K in a Separate Weekend Exploit
A day before the Hyperbridge incident, data indexing protocol SubQuery Network was exploited for around $130,000. The vulnerability stemmed from missing access control data in code written over two years ago. The attacker exploited the flaw to set their own contract as the withdrawal target for staking rewards, redirecting funds before the issue was detected.
The two incidents come despite a broader decline in DeFi exploit losses. In the first quarter of 2026, hackers stole over $168 million from 34 DeFi protocols, a significant drop from the $1.58 billion stolen in the same period of 2025, when the $1.4 billion Bybit hack skewed the figures. The Hyperbridge and SubQuery incidents are a reminder that protocol-level vulnerabilities persist even as aggregate losses fall.
Native DOT Unaffected as Polkadot Confirms Ecosystem Is Secure
Polkadot confirmed in a post on X that the exploit was contained to bridged DOT on Ethereum via Hyperbridge, with no impact on native DOT or the Polkadot network itself. The native token briefly dipped to a daily low of $1.16 following news of the exploit before recovering to trade above $1.19. The limited price impact reflects the marketโs understanding that the vulnerability was isolated to one bridge implementation rather than the underlying chain.
The incident also follows a separate bridge exploit last week at Aethir, which the team said it contained before user losses exceeded $90,000. Cross-chain bridge infrastructure remains one of the most consistently targeted surfaces in the DeFi ecosystem, with the verification layer proving to be a recurring attack vector even in protocols built specifically around cryptographic security claims.
