USDPolkadot Hyperbridge Exploit Mints 1B DOT on Ethereum
Bridge breach creates inflated supply but limited cash-out
TL;DR
- 1 billion DOT minted via Hyperbridge Ethereum gateway exploit, not on Polkadot mainnet
- Attacker extracted about $237K despite $1.17B nominal mint value
- Polkadot says core network and assets remain “fully secure and unaffected”
We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!
Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.
Polkadot confirmed on April 13, 2026, that an exploit targeting Hyperbridge’s Ethereum gateway contract allowed an attacker to mint 1 billion DOT on Ethereum, while stating that its native network and assets remained unaffected and secure.
Polkadot said its core infrastructure, including parachains, was fully “secure and unaffected,” distinguishing the incident as isolated to the bridge layer rather than the base network. Hyperbridge said it had paused bridging operations “while the team contains the issue,” signaling an active response to limit further exposure.
Exploit mechanics centered on bridge contract control
The attack path involved unauthorized control over the Ethereum-side contract, enabling the creation of a massive synthetic DOT supply that does not exist on Polkadot itself. One description of the exploit said attacker-controlled wallets obtained governance access to the bridge contract, allowing them to manipulate minting functions.
Another account described the attacker using a fake message to take over administrative functions tied to the Ethereum token contract, which enabled the minting of unauthorized tokens. The breach has been consistently identified as affecting the Hyperbridge Ethereum gateway contract, confirming the bridge layer as the failure point.
Cash-out limited despite massive token creation
Although the exploit generated a nominal supply worth about $1.17 billion, the realized value extracted was significantly lower due to liquidity constraints on Ethereum-side markets.
CertiK said the attacker “successfully cashed out about $237K,” while another account identified the disposal as approximately 108 ETH, reflecting the same realized value despite the much larger minted supply.
Market reaction and trading activity surge
DOT prices moved lower following the exploit as Ethereum-side liquidity absorbed the unauthorized tokens. COIN360 price data showed DOT falling from around $1.25 to $1.16 at one point, marking a daily decline of about 7%. The crypto has recovered some losses since then as it rebounded to $1.19, but is still posting a 6.7% loss weekly and 4.5% loss monthly.
Trading volume rose sharply during the event, with 24-hour volume increasing 53% to $215.48 million, indicating heightened activity as traders reacted to the exploit and resulting price volatility.
Additional assets minted and protocol response
The exploit extended beyond DOT, with approximately another $1 billion in ARGN minted alongside additional tokens including MANTA and CERE, expanding the total scale of unauthorized asset creation across the bridge.
Hyperbridge described itself as a cross-chain interoperability protocol built on Polkadot, positioning the exploit within a broader category of bridge-layer vulnerabilities. The incident followed an April Fool’s post by Hyperbridge claiming it had been hacked, a detail that drew criticism after the real exploit, particularly as its update began with “Bridge update!”
FAQ
Was Polkadot itself hacked?
No. Polkadot said its core network remained secure and unaffected.
Where did the exploit occur?
The breach targeted Hyperbridge’s Ethereum gateway contract.
How much value was actually stolen?
About $237,000 was extracted despite $1.17 billion minted.
What assets were affected?
DOT, ARGN, MANTA, and CERE were minted through the exploit.
This article has been refined and enhanced by ChatGPT.
