Polkadot issued an urgent security alert after an exploit on its Hyperbridge smart contract led to the unauthorized minting of DOT tokens, triggering an immediate 10% market correction. The incident, which resulted in a $242K loss via the compromised HandlerV1 contract, highlights escalating risks in cross-chain bridges despite the core protocol remaining secure. This breach comes as decentralized protocols face increased scrutiny from regulators, with the Polkadot DAO now reassessing Hyperbridge's role as its official multi-chain hub.
The contract flaw allowed an attacker to perform a proof replay attack. The bridge allowed the attacker to reuse a previously accepted proof and pair it with a new request, allowing multiple privileged actions such as changing admin permissions. The entire hack was performed on the Ethereum network, not interacting with other Polkadot chains.
According to researchers, the attacker gained admin rights to the bridge contract, allowing the authorization of DOT minting. Certik also confirmed the attacker’s forged message was used to gain admin rights.
On-chain security research discovered several transactions originating with Hyperbridge. This is the third bridge attack against Polkadot, following the XCM bridge exploit in 2025 for $35M, and the Nomad bridge hack in 2022 for $200M.
While the latest attack was the smallest in scale, it still revealed potential flaws with the protocol, adding to the general risk of bridges. The exploit follows the April 1 hack against Drift Protocol, showing an increased effort to grab crypto tokens or use unauthorized minting exploits.
Following the exploit, DOT crashed to $1.19. The flash sale of 1B DOT only led to a 2.9% loss, as the rapid sale arrived with price slippage. The exploiter only managed to exchange the DOT for $237M.
As Cryptopolitan reported, Polkadot decided to cap the DOT supply at 2.1B tokens, but the current hack did not crash the token as much as expected, despite minting more than half the tokens in circulation. All the DOT from the exploit was sold in a single transfer and swapped into ETH.
To sell the tokens, the attacker used a Railgun wallet, already moving the ETH in a series of transactions. Railgun has been rarely used for exploits. In the first hours after the attack, the mixer could not blacklist the addresses fast enough, allowing the attacker to still use the service and disguise the origins of ETH.
The Hyperbridge contracts have been paused, with no reports of additional assets affected. The recent series of hacks happens despite the ongoing bear market, attempting to still extract any available liquidity from crypto tokens.
The smartest crypto minds already read our newsletter. Want in? Join them.
Log in to Reply
Log in to comment your thoughtsComments