Hyperbridge released an update regarding the attack, stating that the vulnerability stemmed from a flaw in the Merkle proof verification logic.

According to Foresight News , the blockchain interoperability protocol Hyperbridge disclosed details of a previous DOT attack, resulting in a loss of approximately $237,000. The vulnerability stemmed from a lack of input validation in the `VerifyProof()` function of the `HandlerV1` contract. It failed to validate `leaf_index < leafCount`, allowing attackers to forge Merkle proofs. The attackers then gained administrator privileges on the Ethereum-based bridged DOT token contract, subsequently issuing 1 billion bridged DOT tokens (more than 2,800 times the legitimate circulating supply of approximately 356,000), and cashing out on decentralized exchanges. Hyperbridge stated that it is currently working with security partners to track the funds, and cross-chain functionality will remain suspended until the investigation is complete.