1 Billion Polkadot Tokens Fraudulently Minted on Ethereum in Hyperbridge Exploit

April 13, 2026
  • Hyperbridge developers are expected to implement patches to secure administrative smart contracts and prevent similar exploits, with a full post-mortem forthcoming.

  • South Korean exchanges Upbit and Bithumb temporarily halted DOT deposits and withdrawals as investigators assess the incident.

  • Hyperbridge suspended operations and began an upgrade, with early assessments pointing to a malicious proof deceiving the protocol’s Merkle tree verifier.

  • The broader crypto security landscape shows continued incidents, with about $168 million stolen from 34 DeFi protocols in Q1 2026, down from $1.58 billion in Q1 2025.

  • Hyperbridge has not issued a public comment or disclosed whether other bridged tokens using the same gateway are at risk.

  • Related incident: SubQuery Network was compromised for about $130,000 due to missing access control data, allowing the attacker to redirect staking rewards.

  • Market dynamics constrained profits; the bridged DOT pool’s low liquidity limited attacker gains, yielding only a small fraction of a cent per token.

  • An attacker exploited a vulnerability in Hyperbridge's cross-chain gateway to mint 1 billion Polkadot tokens on Ethereum and then sold about 108.2 ether (roughly $237,000) worth of the bridged DOT.

  • The forged cross-chain message bypassed state proof validation in the EthereumHost/TokenGateway path, granting admin control over the bridged DOT token and enabling minting of the entire supply.

  • A replay vulnerability in the Merkle Mountain Range calculateroot function was used to gain administrative privileges and manipulate the bridged DOT contract on Ethereum.

  • The report notes the story is developing and that Hyperbridge had not yet issued a public comment at the time of reporting.

  • Analyses suggested the root cause is a Merkle Mountain Range proof replay vulnerability due to missing proof-to-request binding, though confirmation was pending.

Summary based on 4 sources

