The Polkadot-based cross-chain protocol Hyperbridge suffered a critical exploit that allowed an attacker to mint 1 billion fake bridged DOT tokens on Ethereum, cashing out roughly $237,000 and exposing a key failure in its proof-based verification system.
Forged proof bypasses “full node security” design
According to blockchain security firm CertiK, the attacker was able to slip a malicious message through Hyperbridge’s verification system by exploiting a flaw in its Merkle tree validation logic. This allowed them to impersonate administrative control of the bridged DOT token contract on Ethereum and mint unbacked tokens at scale.
While the attacker was able to generate 1 billion bridged DOT tokens, the actual profit was limited to around 108.2 ETH, or roughly $237,000, due to shallow liquidity in the affected pool.
Importantly, native DOT on the Polkadot network and the broader ecosystem were not impacted, as the exploit only affected the Ethereum-based bridged representation of the asset. The token briefly dropped to a daily low of $1.16 before recovering above $1.19.
The incident is particularly notable given Hyperbridge’s positioning as a proof-based interoperability layer designed to deliver “full node security” for cross-chain transfers without relying on centralized intermediaries.
However, contributors and blockchain researchers now suggest the exploit likely stemmed from a Merkle Mountain Range proof replay vulnerability, caused by missing proof-to-request binding.
In simpler terms, the system failed to properly verify whether incoming messages matched legitimate requests, allowing the attacker to manipulate contract permissions.
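The following is an added illustration of what missing proof-to-request binding means in general. It is not Hyperbridge's code: it uses a plain binary Merkle tree instead of a Merkle Mountain Range, and every function name and sample request in it is constructed. `verify_unbound` accepts any request presented next to a valid proof for some other leaf, while `verify_bound` recomputes the leaf from the request itself and rejects reuse.

```python
import hashlib

def h(b): return hashlib.sha256(b).digest()
def leaf(c): return h(b"\x00" + c)           # domain-separated leaf hash
def node(l, r): return h(b"\x01" + l + r)    # domain-separated inner hash

def commit(req):
    # Commitment over every field the handler acts on (length-prefixed).
    parts = [str(req[k]).encode() for k in ("source", "dest", "nonce", "body")]
    return h(b"".join(len(p).to_bytes(4, "big") + p for p in parts))

def build(leaves):  # leaf count must be a power of two
    levels = [leaves]
    while len(levels[-1]) > 1:
        levels.append([node(a, b) for a, b in zip(levels[-1][::2], levels[-1][1::2])])
    return levels

def prove(levels, idx):
    return [lvl[(idx >> d) ^ 1] for d, lvl in enumerate(levels[:-1])]

def root_from(leaf_hash, idx, path):
    acc = leaf_hash
    for sib in path:
        acc = node(acc, sib) if idx % 2 == 0 else node(sib, acc)
        idx >>= 1
    return acc

def verify_unbound(root, proof_leaf, idx, path, request):
    # Flawed: shows that some leaf is in the tree, never ties it to `request`.
    return root_from(proof_leaf, idx, path) == root

def verify_bound(root, idx, path, request, consumed):
    # Leaf is recomputed from the request itself; each commitment is single-use.
    c = commit(request)
    if c in consumed or root_from(leaf(c), idx, path) != root:
        return False
    consumed.add(c)
    return True

def demo():
    # Constructed sample data: four committed requests and one uncommitted one.
    legit = [{"source": "A", "dest": "B", "nonce": n, "body": f"transfer {n}"} for n in range(4)]
    levels = build([leaf(commit(r)) for r in legit])
    root, path, seen = levels[-1][0], prove(levels, 2), set()
    other = {"source": "A", "dest": "B", "nonce": 99, "body": "not committed"}
    return (verify_unbound(root, levels[0][2], 2, path, other),  # accepted
            verify_bound(root, 2, path, other, seen),            # rejected
            verify_bound(root, 2, path, legit[2], seen),         # accepted
            verify_bound(root, 2, path, legit[2], seen))         # replay rejected
```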
Following the incident, Hyperbridge paused operations while engineers worked on upgrades and forensic analysis.
The exploit also comes shortly after another bridge-related incident involving Aethir, which managed to contain losses below $90,000, underscoring how frequently interoperability layers come under attack.
Bridge exploits remain DeFi’s recurring weak point
The Hyperbridge incident adds to a steady stream of security breaches across decentralized finance, even as total losses have declined year-over-year.
In Q1 2026 alone, hackers stole approximately $168 million from 34 protocols, according to industry data, down significantly from $1.58 billion in Q1 2025, which included the record-breaking Bybit exploit.
More recently, the SubQuery Network was also exploited for around $130,000 due to an access control vulnerability that had existed for more than two years. In that case, attackers redirected staking rewards by exploiting outdated contract logic.
The Hyperbridge exploit highlights a recurring issue in Web3 infrastructure: while bridge protocols aim to solve blockchain fragmentation, they often introduce some of the most complex and attack-prone systems in crypto.
In this case, a failure in proof verification was enough to allow unbacked token issuance at scale—undermining the protocol’s core security assumptions.
Although the financial impact was relatively small, the reputational damage is more significant. A system marketed around trust-minimized, proof-based security was ultimately compromised by a flaw in its verification design.
As competing interoperability solutions continue to emerge, from native parachain models to alternative bridge frameworks, the incident reinforces a persistent reality in DeFi: cross-chain infrastructure remains one of the ecosystem’s most fragile layers.