A significant security incident has sent ripples through the cross-chain ecosystem, involving Hyperbridge, a crucial link facilitating transfers of Polkadot’s DOT token to Ethereum. This breach, occurring on April 13th, underscores persistent vulnerabilities within decentralized finance infrastructure, particularly those bridging different blockchain networks.
The Hyperbridge Exploit Mechanics
The attack on Hyperbridge centered on a vulnerability within its Ethereum gateway contract. Exploiters leveraged the protocol's Interoperable State Machine Protocol (ISMP) to forge a cross-chain message. This allowed them to bypass critical state-proof verification within the smart contract. Ultimately, this sophisticated method granted the attacker unauthorized administrative control over the bridged DOT token contract residing on Ethereum.
Impact and Network Response
Following the breach, the attacker illicitly minted approximately 1 billion bridged DOT tokens. A portion was quickly offloaded, extracting roughly $237,000 in ETH, though shallow liquidity in the Ethereum DOT pool significantly limited further gains. Crucially, the exploit was confined solely to the ERC-20 representation of DOT on Ethereum. Polkadot confirmed that native DOT tokens and other bridges within its parachain ecosystem remained secure and unaffected. In immediate response, Hyperbridge has paused all transactions across its network as comprehensive investigations continue. The incident highlights a broader concern regarding cross-chain bridges that often hold administrative control over token contracts on destination chains. DOT experienced an immediate 3.56% fall following the announcement. It also remains unclear whether similar vulnerabilities exist across other bridged assets using the same gateway contract.
