An unknown hacker exploited a vulnerability in the cross-chain bridge Hyperbridge and gained control of the DOT token contract on Ethereum.

The attacker minted 1 billion DOT tokens and sold them in a single transaction, earning approximately $237 000 in proceeds.

Exploit details

According to CertiK, the attacker substituted a message passing through Hyperbridge, which allowed them to assume administrative control of the token contract.

This modification enabled unrestricted minting of DOT, which the attacker exploited to inflate the circulating supply before liquidating the holdings immediately after.

Financial impact and response

Low market liquidity limited the attacker's gains and prevented larger losses for holders, as the sale absorbed available depth on affected markets.

CertiK confirmed the compromise, and several exchanges temporarily suspended DOT deposits and withdrawals while they investigate potential secondary risks to their platforms.

Context and ongoing work

DOT is the native token of the Polkadot network; bridging assets to Ethereum created the vector for contract manipulation on the destination chain.

Investigations by CertiK and other ecosystem participants are ongoing while teams analyze transaction history and bridge logs to assess the compromise scope.