A vulnerability allowed 1 billion DOT tokens to be minted on Ethereum

On April 13, an attacker exploited a vulnerability in the Hyperbridge smart contract that connects the Polkadot network with Ethereum, allowing 1 billion DOT tokens to be minted on Ethereum. Following the attack, the hacker was able to exchange the minted DOT for 108 ethers ($237,000) before the bridge was closed.

The CertiK Alert Team explained that the attacker reused a cryptographic proof from a previous legitimate transaction. In cross-chain bridging systems, a proof is a type of digital certificate that proves that an operation actually occurred in the source chain.

The system used by Hyperbridge contained a flaw that, under certain conditions, accepted an old proof as valid for a completely different operation without verifying that it really corresponded to the message it claimed to authenticate. With the fake proof in hand, the attacker managed to impersonate an authorized administrator and take control of the DOT token contract on Ethereum.

Hyperbridge is a protocol that allows assets to be moved between networks using a mechanism that locks the asset on one chain and issues it on another. In this case, it facilitated the transfer of DOT, Polkadot’s native token, to Ethereum.

BlockSec, an on-chain analysis company, added that the verification function of Hyperbridge's contract used an index system to organize and verify messages, similar to a numbered list.

The flaw was that the smart contract did not check that the position of the message was valid within that list. When a specific value that took advantage of that omission was sent, the system skipped verification of the actual content of the message, completely disconnecting the proof from the message it was supposed to authenticate. “This allows attackers to forge seemingly valid cross-chain messages,” BlockSec noted.
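The missing check can be seen in a simplified model, added here as an illustration and not taken from Hyperbridge's contract. It assumes a small SHA-256 Merkle tree with a power-of-two number of leaves; the function names, the `check_index` switch and the sample messages are constructed for this example.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(layer):
    # Fold a power-of-two layer of hashes pairwise up to a single root.
    while len(layer) > 1:
        layer = [h(layer[i] + layer[i + 1]) for i in range(0, len(layer), 2)]
    return layer[0]

def verify(root, leaf_count, leaves, proof, check_index=True):
    """leaves: [(index, message)] being proven; proof: hashes for every other slot, in order."""
    slots = [None] * leaf_count
    for index, message in leaves:
        if not 0 <= index < leaf_count:
            if check_index:
                return False   # hardened: the claimed position must exist in the tree
            continue           # weak: the message silently drops out of the computation
        if slots[index] is not None:
            return False       # two messages claiming the same position
        slots[index] = h(message)
    if slots.count(None) != len(proof):
        return False           # proof must fill exactly the remaining slots
    supplied = iter(proof)
    layer = [s if s is not None else next(supplied) for s in slots]
    return merkle_root(layer) == root

# Constructed sample data: four messages already committed on the source chain.
MESSAGES = [b"transfer:1", b"transfer:2", b"transfer:3", b"transfer:4"]
LEAF_HASHES = [h(m) for m in MESSAGES]
ROOT = merkle_root(LEAF_HASHES)

def demo():
    # Legitimate proof for the message at position 2.
    honest = verify(ROOT, 4, [(2, MESSAGES[2])],
                    [LEAF_HASHES[0], LEAF_HASHES[1], LEAF_HASHES[3]])
    # A message that was never committed, claimed at position 4 of a 4-leaf tree,
    # accompanied by hashes that are all public from earlier accepted proofs.
    uncommitted = [(4, b"change-admin")]
    weak = verify(ROOT, 4, uncommitted, LEAF_HASHES, check_index=False)
    hardened = verify(ROOT, 4, uncommitted, LEAF_HASHES, check_index=True)
    return honest, weak, hardened

if __name__ == "__main__":
    print(demo())
```

With the index check disabled, the root is recomputed entirely from the supplied hashes, so the proof passes without the message ever being hashed; with the check enabled, the same input is rejected before any hashing happens.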

The attacker’s profit was significantly less than the face value of the minted tokens. Although 1 billion DOT at a market price of $1.16 would currently be equivalent to over $1 billion, DOT moved to Ethereum via Hyperbridge had very low liquidity in decentralized exchange pools.

By selling all the tokens in a single operation, the price plummeted almost instantly due to the effect of volume on a small pool, and the attacker was only able to capture the ETH that was available at that time: 108.2 ETH, equivalent to approximately USD 237,000.

The official Polkadot account clarified that the exploit exclusively affects the DOT transferred to Ethereum through Hyperbridge, and not the native DOT in the Polkadot ecosystem or DOT deposited in other alternative bridges: “Polkadot, its parachains and the native DOT remain safe and unaffected,” they reported.

Finally, after the exploit, the Hyperbridge X account confirmed that the affected bridge between Polkadot and Ethereum remains paused with no confirmed reactivation date, while the rest of its multi-network connections are operational.
