The Polkadot blockchain ecosystem faced a targeted security incident today when a vulnerability in Hyperbridge’s Ethereum Token Gateway contract was exploited.
An attacker forged cross-chain messages, gained administrative control over the bridged DOT contract on Ethereum, minted approximately 1 billion fake wrapped DOT tokens, and dumped them in a single transaction for around 108.2 ETH (roughly $237,000) due to extremely low liquidity in the pool.
Speaking on the incident, Polkadot wrote in a post on X,
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
According to official statements from both Polkadot and Hyperbridge, the attacker exploited a flaw that allowed them to forge ISMP (Interoperable State Machine Protocol) messages from the Polkadot side. This tricked the Ethereum-side gateway into granting admin rights on the wrapped DOT ERC-20 contract.
Once in control, the attacker minted the massive supply of fake tokens and immediately sold them on a decentralized exchange (reportedly Uniswap). The low liquidity caused the bridged DOT price on Ethereum to crash sharply toward zero in the process.
The full transaction details have been shared by the community, highlighting how the exploit unfolded in one swift move. Polkadot was quick to clarify the limited scope of the breach:
After gaining control, the attacker minted a massive supply of fraudulent tokens and swiftly offloaded them on a decentralized exchange, reportedly Uniswap, triggering a sharp collapse in the bridged DOT price on Ethereum due to low liquidity, which caused the asset’s value to plunge toward zero in a single move.
Transaction details shared by the community revealed how the exploit unfolded almost instantaneously, prompting Polkadot to clarify that the breach was narrowly contained, affecting only DOT that had been bridged to Ethereum through Hyperbridge as a wrapped ERC-20 token, while native DOT on the Polkadot relay chain, assets across its parachains, DOT bridged through other providers, and user holdings in wallets or staking remained completely unaffected.
The core Polkadot network, its consensus, governance, and parachain operations continue to function normally with no compromise. Hyperbridge immediately paused all bridging operations to contain the issue and launched an investigation. A detailed post-mortem is expected in the coming days.
Market Reaction
The news triggered a short-term dip in the native DOT price, with reports of around a 6% decline and some liquidations across the market. Several exchanges temporarily halted deposits/withdrawals of the bridged version to prevent further issues.
However, native DOT showed resilience given the contained nature of the exploit. This incident serves as a reminder of the persistent risks in cross-chain bridging infrastructure, even for protocols like Hyperbridge that have emphasized advanced cryptographic security.
The crypto industry has seen numerous bridge exploits in the past, some resulting in hundreds of millions in losses.
While this $237K incident is relatively small in scale, it underscores the importance of careful bridge selection and the ongoing challenges in achieving truly secure cross-chain communication.
Notably, this marks the latest in a string of bridge-related exploits that have plagued decentralised finance, where billions have been lost historically due to proof validation gaps and configuration errors.