$1.1 Billion in Fake Tokens Created
A major vulnerability in a cross-chain bridge allowed a hacker to mint 1 billion tokens of Polkadot, theoretically worth over $1.1 billion.
The exploit targeted Hyperbridge, a system designed to move assets between blockchains like Ethereum and Polkadot.
Despite the staggering scale of the exploit, the attacker only managed to extract around $237,000, exposing a critical reality in DeFi - liquidity matters just as much as vulnerabilities.
Security Update: Token Gateway exploit
— Hyperbridge (@hyperbridge) April 13, 2026
On April 13, 2026, a vulnerability in Hyperbridge’s Token Gateway was exploited, resulting in approximately $237,000 in losses on Ethereum.
Bridging operations were paused immediately after detection, and this is an update on the…
Security Update: Token Gateway exploit
— Hyperbridge (@hyperbridge) April 13, 2026
On April 13, 2026, a vulnerability in Hyperbridge’s Token Gateway was exploited, resulting in approximately $237,000 in losses on Ethereum.
Bridging operations were paused immediately after detection, and this is an update on the…
What Actually Went Wrong
According to Hyperbridge, the issue stemmed from a flaw in its proof verification logic.
That single weakness enabled the attacker to submit a malicious message, ultimately gaining administrative control over the bridged DOT token contract on Ethereum. Once inside, the attacker minted tokens freely0creating a supply that exceeded the legitimate bridged DOT supply by nearly 2,800 times.
Why the Damage Was Limited
In theory, holding 1 billion DOT tokens could have resulted in over $1 billion in profit.
In reality, the attacker was constrained by limited liquidity on decentralized exchanges.
After dumping tokens into available markets, the exploiter could only extract about $237,000, as there simply wasn’t enough demand to absorb the artificially inflated supply.
This prevented what could have been one of the largest financial losses in crypto history.
Contained to Ethereum Bridge
Both Hyperbridge and the Polkadot team confirmed that the exploit was isolated to bridged tokens on Ethereum, meaning the core Polkadot network remained unaffected.
This distinction is crucial, the native Polkadot supply and infrastructure were not compromised
DOT Price Still Under Pressure
Even before the exploit, DOT had been struggling in the market.
The token is currently trading near $1.17, down significantly over the past year and sitting close to its all-time lows. From its peak of nearly $55 in 2021, DOT has lost almost 98% of its value.
The exploit adds further pressure to an already weakened market outlook.
Bridge Security Under Fire Again
This incident is another reminder that cross-chain bridges remain one of the weakest points in crypto infrastructure.
Bridges have been repeatedly targeted due to their complexity and the large amounts of capital they control.
One of the most infamous examples remains the Ronin Network hack in 2022, where attackers stole over $550 million.
More recently, the industry has also seen major exploits like the Drift Protocol attack on Solana, further highlighting ongoing risks in DeFi.
Recovery Efforts Underway
Hyperbridge has taken its platform offline and is working to implement additional safeguards while coordinating with security partners to investigate the exploit and recover funds.
The identity of the attacker remains unknown.
