An attacker has exploited Hyperbridge’s ISMP cross‑chain gateway to mint 1 billion counterfeit DOT tokens on Ethereum, then cashed out the proceeds in ETH. The incident hit a wrapped DOT representation bridged from Polkadot and did not touch the native DOT token on Polkadot’s own chain.
Despite the massive false mint, on-chain security specialists estimate that the vulnerability yielded the attacker around 108.2 ETH, or $237,000. Due to liquidity constraints, the price of bridging DOT on Ethereum rapidly dropped from about $1.22 to almost zero amid excessive selling.
How the Hyperbridge ISMP Exploit Worked
The attack targeted Hyperbridge, a cross‑chain infrastructure built by Polytope Labs that uses the Interoperable State Machine Protocol (ISMP) to relay messages between chains. According to security firm CertiK and independent researcher ExVul, the attacker forged cross‑chain state proofs and slipped them through Hyperbridge’s verification pipeline.
Those forged proofs reached the HandlerV1.handlePostRequests() function, which accepted them as valid and allowed a fake governance message to be sent. That message executed a ChangeAssetAdmin action on the bridged DOT contract, transferring admin and minter rights on Ethereum to the attacker’s address.
With the minting role in hand, the attacker minted 1,000,000,000 DOT on Ethereum, more than 2,800 times the usual bridged supply of about 356,000 tokens. They then routed the fake DOT through the Odos Router and Uniswap v4 pools, depositing the tokens into available liquidity and receiving around 108.2 ETH in return.
Cash‑out Trail and Related Attacks
Investigators report that the exploiter funded their activity via Railgun and Synapse Bridge, then operated the funding wallet for about 33 days and over 50 transactions before triggering the exploit. After swapping the counterfeit DOT, the attacker returned the 108.2 ETH to their externally owned account, which remains under close monitoring.
Security researchers also flagged a second, smaller exploit using the same Hyperbridge pipeline earlier that day. In that case, a different address abused the TokenGateway.onAccept() path to drain about $12,000 in MANTA and CERE tokens. Both incidents point to the same root cause: insufficient state‑proof verification inside the ISMP flow.
Although early reports emphasize that only bridged assets on Ethereum were impacted, not the Polkadot mainnet, neither Hyperbridge nor the official Polkadot team has released a thorough public post-mortem as of yet.
READ MORE: Dogecoin (DOGE) Coils for 30% Move After 70-Day Accumulation
