Hyperbridge Suffers $237,000 Breach After Token Flaw Triggers 1 Billion Fake DOT Minting



What to know:

  • An attacker exploited a proof verification flaw in Hyperbridge’s Token Gateway, causing about $237,000 in losses.
  • The attacker minted 1 billion fake bridged DOT tokens and sold them before the system was paused.

A major security incident has hit the Hyperbridge network after attackers exploited a vulnerability in its Token Gateway system.

The exploit led to about $237,000 in losses on Ethereum. Hyperbridge immediately paused all bridging operations after detecting the attack. The team confirmed that the issue only affected bridged DOT on Ethereum and did not impact other networks or assets.

The problem came from a weakness in the platform’s Solidity-based Merkle Mountain Range (MMR) proof verification logic. The system failed to properly validate inputs inside the VerifyProof function, which allowed invalid proofs to be incorrectly accepted as valid.


How the Hyperbridge Exploit Happened

Researchers from BlockSec Phalcon reported that the attacker exploited missing input validation to forge proofs. In particular, the system did not enforce proper checks such as ensuring that the leaf index was less than the total leaf count.

Source: Blocksec Phalcon

This design flaw allowed the attacker to trick the system into accepting fake verification data. Once the invalid proof was accepted, the attacker gained unauthorized administrative control over the bridged DOT token contract on Ethereum.
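The following is an added example, not Hyperbridge's code and not a reproduction of the incident. It uses a simplified power-of-two binary Merkle tree (not a full MMR) in Python, with SHA-256 as a stand-in hash, to show why a verifier has to check that the leaf index is below the leaf count. All function names and sample leaves are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    # SHA-256 is an assumed stand-in for the on-chain hash; the check shown does not depend on it.
    return hashlib.sha256(data).digest()

def build_tree(leaves):
    """Return every level of a binary Merkle tree; len(leaves) must be a power of two."""
    levels = [[h(b"\x00" + leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([h(b"\x01" + prev[i] + prev[i + 1]) for i in range(0, len(prev), 2)])
    return levels

def make_proof(levels, index):
    """Collect sibling hashes from the leaf level up to, but not including, the root."""
    proof = []
    for level in levels[:-1]:
        proof.append(level[index ^ 1])
        index >>= 1
    return proof

def fold(leaf, index, proof):
    node = h(b"\x00" + leaf)
    for sibling in proof:
        node = h(b"\x01" + sibling + node) if index & 1 else h(b"\x01" + node + sibling)
        index >>= 1
    return node

def verify_unchecked(root, leaf, index, leaf_count, proof):
    # Weak form: leaf_count is accepted but never compared with index or proof length.
    return fold(leaf, index, proof) == root

def verify_checked(root, leaf, index, leaf_count, proof):
    # Hardened form: reject inputs that cannot describe a position in this tree.
    if leaf_count <= 0 or leaf_count & (leaf_count - 1):
        return False  # this simplified tree requires a power-of-two size
    if not 0 <= index < leaf_count:
        return False  # the bounds check the article reports as missing
    if len(proof) != leaf_count.bit_length() - 1:
        return False  # proof depth must match the declared tree size
    return fold(leaf, index, proof) == root

# Constructed sample data: a four-leaf tree and the proof for leaf 2.
LEAVES = [b"msg-0", b"msg-1", b"msg-2", b"msg-3"]
LEVELS = build_tree(LEAVES)
ROOT = LEVELS[-1][0]
PROOF_2 = make_proof(LEVELS, 2)
```

In this toy tree the unchecked verifier accepts index 6 for a four-leaf tree because only the low bits of the index steer the hashing, so the declared position no longer means what the caller assumes; the checked verifier rejects it before any hashing takes place.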


Impact on the Network

After successfully gaining control, the attacker minted 1 billion bridged DOT tokens. This amount was more than 2,800 times the real circulating supply of about 356,000 tokens.

The attacker then sold a large portion of these tokens on decentralized exchanges, causing disruption in the market. Hyperbridge later confirmed that native DOT on the Polkadot relay chain and other assets across the ecosystem were not affected.

So far, Hyperbridge has paused all bridging activity while investigations continue. The team is working with security partners to trace and possibly recover the stolen funds. They also stated that they are reviewing the entire verification system to prevent similar exploits in the future.




