News Heat Trend
Project Overview
Hyperbridge is a cryptoeconomic coprocessor for secure, verifiable interoperability powered by consensus and storage proofs. Hyperbridge is the HTTPS of blockchain interoperability, providing developers with onchain and off-chain SDKs for securely sending cross-chain messages (POST requests) and reading on-chain storage (GET requests).
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Polkadot Responds to Hyperbridge Vulnerability: Polkadot and Native DOT Unaffected
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
Hyperbridge Gateway Contract Attacked; 1 Billion DOT Tokens Minted and Dumped on Ethereum
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Polkadot Responds to Hyperbridge Vulnerability: Polkadot and Native DOT Unaffected
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
Hyperbridge Gateway Contract Attacked; 1 Billion DOT Tokens Minted and Dumped on Ethereum
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.
Related news
Hyperbridge: Losses from the vulnerability increased to approximately $2.5 million; some funds have been traced to Binance.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Polkadot Responds to Hyperbridge Vulnerability: Polkadot and Native DOT Unaffected
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.
Hyperbridge Contract Hit by MMR Proof Replay Vulnerability, Suffering ~$242,000 in Losses
According to BlockSec Phalcon, the HandlerV1 contract managed by Hyperbridge on the Ethereum network was found to contain a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform malicious actions—such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and then exploited those privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawal operations. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, the Hyperbridge gateway contract was attacked, leading to the unauthorized minting and subsequent dumping of 1 billion DOT tokens on Ethereum.
Hyperbridge Gateway Contract Attacked; 1 Billion DOT Tokens Minted and Dumped on Ethereum
According to PeckShieldAlert monitoring, approximately 1 billion Polkadot (DOT) tokens have been minted and dumped on the Ethereum network. Details of the incident are still under further verification. According to CertiK monitoring, the Hyperbridge gateway contract was attacked; the attacker forged messages to tamper with the admin privileges of the Polkadot token contract on Ethereum, and profited approximately $237,000 by minting and selling 1 billion tokens.