Hackers exploit Hyperbridge, mint 1 billion fake DOT on Ethereum

Hackers used a flaw in Hyperbridge, a Polkadot-based bridge, to create 1 billion fake bridged DOT tokens on Ethereum, according to blockchain security firms.

CertiK said the bug let the attacker fake messages and take control of the token contract. The attacker then minted the tokens and sold them, making about $237,000.

Onchain Lens said the attacker changed control of the contract before dumping the tokens, causing the price of bridged DOT on Ethereum to crash from $1.22 to almost zero.

Polkadot said the attack only affects DOT bridged to Ethereum through Hyperbridge. It does not affect native DOT on Polkadot or DOT bridged through other services.

Hyperbridge has been paused while the team investigates.

Even though the attack did not hit Polkadot’s main network, native DOT still fell about 4%, from around $1.22 to $1.18.

South Korean exchanges Upbit and Bithumb have temporarily stopped DOT deposits and withdrawals after signs of a security issue.