TLDR
- An attacker minted 1 billion bridged DOT tokens on Ethereum.
- The forged mint was reportedly tied to a Hyperbridge gateway exploit.
- The attacker dumped the full supply and received 108.2 ETH.
- Reports said Polkadot’s native relay chain was not affected.
- CertiK and Lookonchain both flagged the incident on April 13.
Bridged Polkadot on Ethereum was reportedly hit by an exploit after an attacker minted 1 billion DOT tokens. The attacker then sold the full amount in one move and received 108.2 ETH. Early reports linked the incident to a vulnerability in the Hyperbridge gateway contract. The event appears to have affected only the bridged token, not Polkadot’s native chain.
Attacker mints bridged DOT and sells entire supply
Reports said the attacker created 1 billion bridged DOT on Ethereum without proper authorization. The tokens were then sold in a single transaction. Lookonchain said the sale returned 108.2 ETH, worth about $237,000 at the time.
The scale of the mint drew quick attention because the new supply was far above normal levels. Traders and onchain analysts began tracking the wallet activity soon after the transaction. The incident spread across crypto markets as the details emerged.
Lookonchain described the sequence in clear terms. It said the attacker minted the tokens and then dumped them at once. That trading pattern pointed to a direct exploit rather than normal market activity.
At the time of reporting, there was no confirmed sign of damage to Polkadot’s native DOT on its own network. The reported loss appeared limited to the Ethereum-based bridged version. That distinction became central to the early response.
Reports point to a Hyperbridge gateway contract issue
Blockchain security firm CertiK said the exploit targeted the Hyperbridge gateway contract. According to the firm, the attacker used a forged message to gain control. That access then allowed changes to the admin role of a Polkadot token contract on Ethereum.
CertiK said the attacker could mint tokens after taking that admin role. The result was the creation of 1 billion bridged DOT. The firm’s early findings suggested the issue came from message validation, not from Polkadot’s relay chain.
The reports framed the exploit as a bridge-related failure. That matters because bridge systems move assets between networks and often rely on contract permissions. When those controls fail, attackers can create or move wrapped tokens without backing.
The available information remained limited. However, the initial reports were consistent on one point. They said the exploit affected the wrapped DOT representation on Ethereum only.
No official response yet as security concerns return
At the time of writing, neither Polkadot nor Hyperbridge had issued an official public response. The story was still developing, and more technical details had not yet been shared. That left the market relying on early posts from tracking and security firms.
CertiK “flagged the exploit targeting the Hyperbridge gateway contract” in its initial notice. Lookonchain also reported that the attacker “dumped the entire supply in a single transaction.” Those statements shaped the first public understanding of the event.
The incident comes as bridge security remains a major issue across crypto markets. Wrapped assets depend on smart contracts, admin controls, and message checks. When one part fails, the bridged token can lose trust quickly.
Get 3 Free Stock Ebooks
Discover top-performing stocks in AI, Crypto, and Technology with expert analysis.
- Top 10 AI Stocks - Leading AI companies
- Top 10 Crypto Stocks - Blockchain leaders
- Top 10 Tech Stocks - Tech giants
