Fake Cross-Chain Proof Exploit Hits Polkadot Bridged DOT on Ethereum as Attacker Mints 1 Billion Tokens and Dumps Market

Bridged Dot Drained After Fake Proof Bypasses Cross-Chain Security ChecksA vulnerability in a cross-chain bridge tied to Polkadot has led to the creation of 1 billion unauthorised DOT tokens on Ethereum, triggering a sharp price drop and forcing exchanges to halt trading activity.The exploit targeted the Hyperbridge gateway system, where an attacker successfully submitted a falsified cryptographic proof that was incorrectly accepted as valid.Once the forged message passed verification, it triggered contract logic that handed administrative control of the bridged token contract to the attacker’s wallet.With that access, they minted 1 billion DOT tokens, far exceeding the circulating bridged supply at the time, and moved quickly to liquidate them.How A Fake Proof Took Control Of The Token ContractThe incident stemmed from a failure in how the Hyperbridge system validated cross-chain messages.The attacker’s fake proof was treated as legitimate, allowing automated contract execution without human intervention.The compromised function changed the admin rights of the bridged DOT contract on Ethereum, effectively giving the attacker full control over minting permissions.According to blockchain security firm CertiK, this allowed the attacker to seize control before issuing the inflated token supply.#CertiKInsight 🚨We have seen an exploit on the @hyperbridge gateway contract. https://t.co/h27iDm1JGdThe attacker slipped through a forged message to change the admin of Polkadot token contract on Ethereum and profited ~$237K from minting and selling 1B tokens.Stay… pic.twitter.com/3t2n4uq5hy— CertiK Alert (@CertiKAlert) April 13, 2026Onchain analysts from Lookonchain noted that the attacker then deployed the newly minted tokens into decentralised markets in a single sweep, draining liquidity almost immediately.Polkadot(@Polkadot) has been exploited. 🚨The attacker minted 1B $DOT and dumped it all in a single transaction for 108.2 $ETH($237K).https://t.co/4pStYrGb8ypic.twitter.com/wRplAWNnBg— Lookonchain (@lookonchain) April 13, 20261 Billion Tokens Minted And Dumped In Single MoveAfter gaining control, the attacker minted 1 billion bridged DOT tokens, roughly 2,805 times higher than the existing supply at that moment.The tokens were then dumped into Uniswap, where liquidity pools were rapidly drained.The sale generated about 108.2 ETH, valued at approximately $237,000, before funds were routed through Odos Router V3 and returned to the attacker’s wallet.Someone just minted 1,000,000,000 bridged $DOT out of thin air.That's equal to 48% of the native Polkadot token total supply, conjured from a vulnerability, then dumped for 108 $ETH (~$237K) before anyone could blink.Here's what happened- The attacker funded their EOA… pic.twitter.com/EK80KhqBNG— capie.eth (@scoutingcapie) April 13, 2026As the artificial supply flooded the market, the price of bridged DOT collapsed from around $1.22 to near $1, with some trackers showing it falling to tiny fractions of a cent during peak impact.Exchanges React As Trading Controls Are TriggeredThe disruption prompted immediate precautionary measures across trading platforms.Upbit suspended DOT deposits and withdrawals while the situation was assessed, citing concerns over ongoing volatility and token integrity.폴카닷 (DOT) 거래 유의 종목 지정 안내폴카닷 (DOT/KRW, DOT/BTC) 이 DAXA 회원사들에 의해 거래 유의 종목으로 지정되었습니다. Polkadot(DOT/KRW, DOT/BTC) has been flagged with investment warning by Digital Asset eXchange Association(DAXA). 🔗 Discover more: https://t.co/Aa6bK49wdh— Upbit Korea (@Official_Upbit) April 13, 2026Other platforms are understood to be monitoring exposure to bridged DOT tokens on Ethereum as investigations continue, with temporary restrictions expected to remain in place until further clarity is reached.Why The Hyperbridge Model Failed To Prevent The AttackHyperbridge, built as a trust-minimised interoperability system, relies heavily on cryptographic proofs rather than manual validation.In this case, that design became the entry point for the exploit.Developers had structured the system so that verified messages automatically trigger contract execution.However, the attacker managed to generate a forged proof that the system accepted without detecting manipulation, enabling unauthorised administrative changes.Hyperbridge has since paused its Ethereum gateway contract while the vulnerability is reviewed.Polkadot Ecosystem Remains Unaffected Despite Bridged Token CrashThe core Polkadot network, including its parachains and native DOT, has not been impacted.Officials clarified that only DOT tokens bridged to Ethereum via Hyperbridge were affected, while other bridging routes remain intact.We’re aware of an issue affecting @hyperbridge's Ethereum gateway contract. The exploit only affects DOT on Ethereum that is bridged through Hyperbridge and does not affect DOT in the Polkadot ecosystem, or DOT bridged through other bridges. Polkadot, its parachains, and…— Polkadot (@Polkadot) April 13, 2026The situation highlights a contained but significant breakdown within a specific interoperability layer rather than the broader Polkadot ecosystem itself, as teams continue investigating the breach and assessing potential fixes.