TLDR
- An attacker created 1 billion bridged DOT tokens on Ethereum via a fraudulent message
- The illicitly minted tokens were sold off in a single transaction, yielding approximately 108.2 ETH (~$237,000)
- The attack focused on the Hyperbridge gateway contract operating on Ethereum
- Polkadot’s core relay chain and the genuine DOT token remained secure
- Low token liquidity helped keep the real market impact fairly minimal
(SeaPRwire) – An attacker took advantage of a security flaw in the Hyperbridge gateway contract on Ethereum, generating 1 billion bridged Polkadot tokens illegitimately.
The incident was identified by blockchain security company CertiK. The firm stated the attacker employed a counterfeit message to seize administrative control of the bridged DOT token contract on Ethereum.
#CertiKInsight
We have seen an exploit on the @hyperbridge gateway contract. https://t.co/h27iDm1JGd
The attacker slipped through a forged message to change the admin of Polkadot token contract on Ethereum and profited ~$237K from minting and selling 1B tokens.
Stay… pic.twitter.com/3t2n4uq5hy
— CertiK Alert (@CertiKAlert) April 13, 2026
Using this administrative power, the attacker generated 1 billion tokens in one go.
Onchain analytics provider Lookonchain noted that the complete 1 billion token quantity was subsequently sold in a single trade.
Polkadot(@Polkadot) has been exploited.
The attacker minted 1B $DOT and dumped it all in a single transaction for 108.2 $ETH($237K).https://t.co/4pStYrGb8y pic.twitter.com/wRplAWNnBg
— Lookonchain (@lookonchain) April 13, 2026
The attacker gained 108.2 ETH from the sale, valued at about $237,000 at that moment.
This comparatively modest profit highlights the bridged token’s constrained liquidity on Ethereum.
Given the low number of holders and traders of the bridged asset, the market lacked sufficient depth to handle a billion tokens at their normal value.
What Was and Wasn’t Affected
The breach did not impact Polkadot’s inherent relay chain. The actual DOT token on the Polkadot network was untouched.
The attack solely aimed at the wrapped, or bridged, representation of DOT on Ethereum.
Bridged tokens act as stand-ins for an asset on another blockchain. Their value and safety rely on the integrity of smart contracts.
The Hyperbridge protocol’s purpose is to link various blockchains. A weakness in its gateway contract seems to have served as the attack vector.
Response and Investigation
At the time this report was filed, neither Polkadot nor Hyperbridge had released an official comment.
The precise pathway of the attack is not yet completely verified. An inquiry is still underway.
Cryptocurrency breaches affecting bridges and cross-chain systems have been a persistent problem in the sector.
Here, the monetary loss was restrained relative to other bridge attacks, which have sometimes resulted in hundreds of millions in stolen funds.
CertiK’s investigation indicated the forged message was the technique for hijacking the admin role, but a comprehensive incident report is still pending.
Latest information verifies the attacker’s wallet obtained 108.2 ETH from the token sale, with no additional malicious activity reported up to the time of publication.
This article is provided by a third-party content provider. SeaPRwire (https://www.seaprwire.com/) makes no warranties or representations regarding its content.
Category: Top News, Daily News
SeaPRwire provides global press release distribution services for companies and organizations, covering more than 6,500 media outlets, 86,000 editors and journalists, and over 3.5 million end-user desktop and mobile apps. SeaPRwire supports multilingual press release distribution in English, Japanese, German, Korean, French, Russian, Indonesian, Malay, Vietnamese, Chinese, and more.
