News linked to both this project and an event.
According to an official disclosure by Hyperbridge, the losses from the Token Gateway vulnerability incident on April 13 have been revised upward from an initial estimate of $237,000 to approximately $2.5 million. The increase stems primarily from losses incurred in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. The attacker extracted roughly 245 ETH from related contracts, then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT tokens and dumping them onto illiquid markets. Currently, some of the stolen funds have been traced on-chain to Binance. Hyperbridge is collaborating with Binance’s compliance team and law enforcement agencies to investigate the incident. Polkadot-native DOT and products such as Intent Gateway remain unaffected. The Token Gateway and bridged DOT contracts on the four affected EVM chains remain suspended. An external audit of the patched MMR verification logic is underway, and bridging functionality will be restored upon completion of the audit.
Polkadot’s official response to the security vulnerability discovered in Hyperbridge’s Ethereum gateway contract: Hyperbridge services have been temporarily suspended to investigate the issue. This vulnerability affects only DOT tokens bridged to Ethereum via Hyperbridge and does not impact DOT tokens within the Polkadot ecosystem or DOT transferred via other cross-chain bridges. The Polkadot mainnet, parachains, and native DOT remain secure and unaffected.