Attacker Exploits Hyperbridge Flaw, Gains $250K from Minting $1B Polkadot Tokens

Although crypto hacks are commonplace, incidents where attackers risk major losses but gain minimal financial reward are unusual. This rare event transpired on Sunday.

An attacker identified and exploited a vulnerability in the cross-chain bridge developed by Hyperbridge, which facilitates connections between different blockchains. The exploit involved minting 1 billion Polkadot tokens valued at $1.19 billion on Ethereum and offloading them for roughly $237,000 worth of ether.

This incident is part of a growing list of vulnerabilities found in bridges throughout 2026. Earlier this year, Drift Protocol experienced a $270 million theft from Solana due to an exploit, while another attack involved social engineering rather than code manipulation, compromising infrastructure.

The recent breach targeted the bridge contract itself, leaving Polkadot’s core network and its native token DOT unaffected. The flaw was found in how Hyperbridge’s EthereumHost contract verifies incoming cross-chain messages before forwarding them to TokenGateway.

Bridges are often considered the weakest links within cross-chain systems because they hold administrative control over token contracts on destination chains. A single validation failure can empower an attacker to create unlimited tokens.

On-chain analysis revealed that the attacker sent a forged message through dispatchIncoming, which was then directed to TokenGateway.onAccept. The verification process failed as it stored an all-zeros commitment value instead of checking against a legitimate cross-chain state from Polkadot, allowing the gateway to validate the fraudulent message.

This allowed the attacker to execute changeAdmin on the bridged Polkadot token contract, transferring admin rights to their own address. With control over administration, they minted 1 billion tokens in one transaction and funneled them through Odos Router V3 into a Uniswap V4 DOT-ETH pool. This resulted in approximately 108.2 ETH being extracted across multiple swaps with varying prices.
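The sequence described above (an admin change on the bridged token followed by an outsized mint) is something a monitor can flag from decoded contract events. The sketch below is an added example, not code from Hyperbridge or CertiK; the `AdminChanged` event name, the placeholder addresses, the prior supply and the thresholds are all assumptions.

```python
from dataclasses import dataclass

ZERO_ADDR = "0x" + "00" * 20   # ERC-20 mints appear as Transfer from this address
TOKEN = "0xBRIDGED_TOKEN"      # placeholder, not a real contract address
GATEWAY = "0xgateway"          # placeholder for the expected admin
ATTACKER = "0xattacker"        # placeholder

@dataclass
class Event:
    block: int
    token: str
    name: str   # "AdminChanged" is an assumed event name; "Transfer" is standard ERC-20
    args: dict

def detect(events, known_admins, supply, window=50, ratio=0.10):
    """Flag admin changes to non-allow-listed addresses and large mints that follow them.

    known_admins: token -> set of expected admin addresses
    supply: token -> total supply before the first event (updated as mints are seen)
    """
    alerts, suspect = [], {}   # suspect: token -> block of last unexpected admin change
    for ev in sorted(events, key=lambda e: e.block):   # stable sort keeps in-block order
        if ev.name == "AdminChanged":
            new_admin = ev.args["new_admin"].lower()
            if new_admin in known_admins.get(ev.token, set()):
                suspect.pop(ev.token, None)
            else:
                suspect[ev.token] = ev.block
                alerts.append(("unexpected_admin", ev.token, ev.block, new_admin))
        elif ev.name == "Transfer" and ev.args["from"].lower() == ZERO_ADDR:
            amount, before = ev.args["value"], supply.get(ev.token, 0)
            supply[ev.token] = before + amount
            recent = ev.token in suspect and ev.block - suspect[ev.token] <= window
            if recent and amount > ratio * before:
                alerts.append(("mint_after_admin_change", ev.token, ev.block, amount))
    return alerts

def sample_events():
    """Constructed events in whole-token units; only the 1 billion mint size is from the article."""
    return [
        Event(100, TOKEN, "Transfer", {"from": ZERO_ADDR, "to": "0xuser", "value": 500}),
        Event(105, TOKEN, "AdminChanged", {"new_admin": ATTACKER}),
        Event(105, TOKEN, "Transfer", {"from": ZERO_ADDR, "to": ATTACKER, "value": 10**9}),
    ]

if __name__ == "__main__":
    for alert in detect(sample_events(), {TOKEN: {GATEWAY}}, {TOKEN: 350_000}):
        print(alert)
```

The ordinary 500-token mint at block 100 raises nothing; the admin change and the 1 billion mint at block 105 each produce an alert.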

Thin liquidity normally hinders anyone executing a large trade, and here it worked against the attacker by capping their profit. The Ethereum bridged DOT pool’s limited depth meant that selling 1 billion tokens overwhelmed available liquidity, yielding just a fraction of a cent per token.

Had this exploit occurred on a deeper pool or with a higher-value asset, losses would have been substantially greater. As of Monday morning in Asia, DOT trades near $1.20.

CertiK identified the exploit and confirmed that the Hyperbridge gateway contract was the attack vector, resulting in approximately $237,000 profit for the attacker from minting and selling tokens. There has been no public response from Hyperbridge regarding the breach or whether other token contracts utilizing the same gateway are vulnerable to similar attacks.
