An exploit on Hyperbridge allowed hackers to Mint 1 billion Polkadot bridge Token on Ethereum and withdraw approximately $237,000, sparking renewed debate about the security of blockchain bridges.
A hacker exploited a vulnerability in the Hyperbridge cross-chain interoperability protocol (based on Polkadot), earning approximately $237,000 and raising concerns about the security of blockchain bridge infrastructure.
According to blockchain data Chia by the security platform CertiK, the attacker Mint 1 billion Polkadot (DOT ) Token in bridged form in a single transaction on Hyperbridge. The exploit only affected DOT on Ethereum bridged via Hyperbridge, while native DOT and the entire Polkadot ecosystem remained unaffected, Polkadot stated in a post on X on Monday.
CertiK stated that the hacker Mint these Token after "inserting a fake message to change the admin rights of the Polkadot Token contract on Ethereum." The liquidation in the DOT bridge pool meant the amount the hacker obtained was limited to 108.2 ETH , equivalent to approximately $237,000.
Hyperbridge temporarily suspends operations following the exploit.
Hyperbridge was temporarily down following the attack while the team carried out system upgrades. A contributor named Web3 Philosopher stated that initial diagnoses indicated the cause stemmed from a malicious proof that tricked the protocol's Merkle tree verifier.
This exploit is noteworthy because Hyperbridge had previously promoted itself as a proof-based interoperability layer designed to provide “full node-level security” for cross-chain bridges. The incident also comes shortly after Aethir revealed last week that they had contained another bridge exploit, with user losses under $90,000.
Security research firm Blocksec Falcon believes the cause may be a replay proof vulnerability in the Merkle Mountain Range (MMR), stemming from a lack of binding between the proof and the request, although the official cause has not yet been confirmed by the protocol.
The native DOT Token briefly dropped to a daily low of $1.16 on Monday before recovering to above $1.19 at the time of writing, according to CoinGecko.
Hackers exploited the SubQuery Network, stealing $130,000.
Security incidents continue to occur with crypto protocols, although the total losses from DeFi exploits have decreased sharply compared to the same period last year.
On Sunday, the SubQuery Network data indexing protocol was also exploited, resulting in losses of approximately $130,000 due to a lack of access control mechanisms in the data, exposing a vulnerability in code written over two years prior.
This vulnerability allows hackers to set up their own contracts as the address for receiving Staking rewards, according to blockchain security audit expert Pashov, as Chia on X.
In the first quarter of 2026, hackers stole over $168 million from 34 decentralized finance (DeFi) protocols, a significant decrease from the $1.58 billion stolen in the first quarter of 2025 – the time of the record-breaking $1.4 billion Bybit hack.
