Hyperbridge Gateway Contract Attacked, 1 Billion DOT Minted Illegally

$DOT ‌
On April 13, blockchain security firm CertiK Alert detected that the Hyperbridge gateway contract was under attack. The attacker tampered with the administrator permissions of the Polkadot token contract on Ethereum by forging messages, and then minted and sold 1 billion tokens, earning approximately $237,000.

On-chain data shows that, about an hour earlier, the attacker used the compromised administrator permissions to transfer control of the contract to a malicious address, minted 1 billion tokens, and immediately dumped them, causing the token price to fall sharply from $1.22 to nearly zero.

Highlight:
1. It was the Hyperbridge gateway contract that was attacked, not Polkadot’s official cross-chain bridge.
2. The minted tokens are Hyperbridge’s bridged version of DOT on Ethereum (not native DOT). The attack does not affect the total DOT amount or security of Polkadot’s mainnet.
3. The attack target was limited to the Hyperbridge contract on Ethereum; the Polkadot native chain was not affected in any way.
4. The incident has no direct relation to Polkadot’s official bridges (such as Snowbridge).

Hyperbridge is a third-party cross-chain bridge project in the Polkadot ecosystem, not the core infrastructure built and maintained by Polkadot. What this incident reveals is a security issue with third-party bridging contracts, not that the Polkadot network itself has vulnerabilities.