• A hacker used a replay flaw to mint 1 billion fake Polkadot tokens via the Hyperbridge gateway.
• The price of DOT dropped 6% to $1.16 before recovering, while the hacker netted $237,000 in ether.
• Hyperbridge developers are now expected to deploy patches to secure administrative smart contract functions.

On April 13, blockchain security firm Certik alerted the cryptocurrency community to an exploit involving the Hyperbridge gateway, where a malicious actor minted 1 billion unauthorized Polkadot tokens on the Ethereum network. Following the incident, the price of DOT briefly plunged from $1.23 to $1.16, a decline of nearly 6%. However, at the time of writing, the token had erased some of those losses, recovering to $1.19.

According to onchain data and security reports, the attacker exploited a vulnerability within the Hyperbridge gateway smart contract. By using a fabricated message to gain administrative privileges over the bridged DOT contract on Ethereum, the perpetrator triggered a single transaction that generated the 1 billion tokens.

Despite the large number of tokens created, the attacker was unable to cash out at the market value because the bridged version of DOT on Ethereum had shallow liquidity.

Analysis from Lookonchain confirms the hacker liquidated the entire 1 billion-token haul in a single swap. The trade yielded approximately 108.2 ether, valued at roughly $237,000 at the time of the transaction. Had the bridged asset been more widely traded, the financial impact could have been substantially higher.

Security experts were quick to clarify that the breach was localized to the Hyperbridge gateway on Ethereum. Polkadot’s core relay chain and the authentic DOT tokens residing on the Polkadot network remain secure and were not impacted by the incident.

In its initial post mortem, Certik said the exploit stemmed from a replay vulnerability in Merkle Mountain Range’s calculateroot function. This flaw meant that proofs were not properly bound to requests, allowing attackers to reuse old state commitments. Downstream, the tokengateway.handlechangeadmin function failed to enforce strict checks, letting attackers arbitrarily input request data.

As a result, malicious code propagated unchecked through the system, ultimately enabling the attacker to change the admin of the Polkadot token. As Certik noted:

“The attacker submitted ‘proof’ value is copied from the ‘_stateCommitments’ in a previous txn… thus making the replay possible.”

Hyperbridge has yet to release a full post-mortem on the specific flaw in the gateway smart contract, but developers are expected to implement patches to prevent similar exploits in the future.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。