Polkadot Exploit Mints 1B Fake DOT On Ethereum

An attacker minted 1 billion unauthorized bridged Polkadot (DOT) tokens on Ethereum, extracting roughly $237,000 before markets reacted. The incident highlights persistent vulnerabilities in cross-chain infrastructure despite limited direct losses.

The exploit targeted Hyperbridge, a Polkadot-based interoperability protocol, where a flaw in the gateway contract allowed forged messages and administrative takeover. Blockchain security firm CertiK reported that the attacker gained control of the token contract, minted the tokens, and rapidly sold them. Onchain data shows the manipulated supply triggered a collapse in bridged DOT prices.

Are Cross-Chain Bridges Still The Weakest Link?

The price of bridged DOT on Ethereum fell from $1.22 to fractions of a cent during the exploit, according to Onchain Lens. While the attack was isolated to bridged assets, the impact spread to broader markets. Native DOT declined about 4%, falling to $1.18, reflecting spillover risk even when core networks remain unaffected.

Polkadot confirmed the exploit did not impact the native chain or other bridging routes, limiting systemic damage. The team said Hyperbridge operations have been halted pending investigation. Meanwhile, South Korean exchanges Upbit and Bithumb suspended DOT deposits and withdrawals, citing signs of a security incident and aiming to contain potential contagion.

The structure of the attack mirrors prior bridge exploits where control over message validation enables unauthorized minting. Yet the relatively small profit compared to the scale of minted tokens suggests liquidity constraints limited the attacker’s exit. Does this indicate improved market resilience or simply reduced exploitable depth in bridged assets?

Attention now shifts to remediation and whether additional vulnerabilities exist across similar bridge architectures. The next catalyst will be findings from the ongoing investigation and whether exchanges resume normal operations without further disruptions.