A major exploit hit Hyperbridge on April 13 after an attacker managed to mint 1 billion fake bridged DOT tokens on Ethereum, then dump them into the market for a relatively small real-world haul of around $237,000. The headline number looked enormous, but the actual damage was limited by thin liquidity and the fact that the attack did not touch Polkadot’s native chain.
That distinction matters.
Polkadot has already moved to calm the market, saying the exploit only affected DOT on Ethereum that had been bridged through Hyperbridge. According to the project’s official forum update, native DOT, Polkadot itself, and other DOT bridged through different systems were not affected. Hyperbridge has since been paused while the issue is investigated.
So while the story is being framed in some places as a “Polkadot hack,” this was really a bridge-layer failure, not a failure of Polkadot’s underlying network. That is a crucial difference for anyone trying to understand whether the token’s actual supply was compromised. Based on Polkadot’s own statement, it was not.
According to reporting that cited blockchain security researchers, the attacker exploited Hyperbridge’s Ethereum gateway contract, seized effective control over the bridged DOT token contract, minted roughly 1 billion unauthorized tokens, and then dumped them into available liquidity. CertiK’s incident page and multiple reports put the realized proceeds at about 108.2 ETH, which works out to roughly $237,000 at current ETH prices.
That mismatch between fake value created and real value extracted is one of the most telling parts of the incident.
On paper, 1 billion fake DOT sounds catastrophic. In practice, the attacker ran into a much more mundane limit: there simply was not enough liquid exit capacity to turn that mountain of counterfeit bridged tokens into anything close to its notional value. The exploit inflated the visible supply of the bridged asset, but not the genuine supply of DOT secured by the Polkadot network.
Even so, the market reaction was sharp. DOT traded as low as $1.16 on April 13, with an intraday high of $1.25, reflecting the immediate panic around the news. At the time of the latest market data, DOT was sitting around $1.17.
Centralized exchanges also moved quickly. Reports say Upbit and Bithumb temporarily suspended DOT deposits and withdrawals after the exploit surfaced, showing how seriously platforms treated the bridge risk even though the native chain itself remained unaffected.
What makes the incident especially awkward for Hyperbridge is its recent messaging. Just days before the exploit, the project published an April 1 post titled “The Hyperbridge Hack Explained,” which said the piece was an April Fools’ joke and argued that Hyperbridge’s model avoids the trust assumptions that have broken other bridges in the past. Less than two weeks later, the protocol is dealing with a real exploit involving its Ethereum gateway contract.
That contrast is likely to keep this story alive beyond the initial market shock.
Bridge exploits are not new in crypto, but they continue to expose the same uncomfortable truth: security claims often sound strongest right before the edge cases get tested in public. Hyperbridge’s broader pitch has centered on verification and trust minimization, and its own blog has repeatedly positioned the protocol as a response to the bridge failures that have cost the industry billions. This incident does not automatically invalidate that vision, but it does show that implementation risk still matters just as much as architecture.
For Polkadot, the immediate challenge is reputational. Even when a bridge is the point of failure, the base asset often absorbs the headline damage. That leaves DOT holders in the familiar position of having to explain that the network was not hacked, only for the market to sell first and sort out the details later.
