Hyperbridge Confirms Bridged Polkadot Exploit Was 10x Worse Than First Reported
Hyperbridge has revised losses from its April 13 exploit to roughly $2.5 million. That is about 10 instances the unique estimate of $237,000.
The group disclosed the brand new determine in a post-incident replace on April 16. The revision provides losses from related incentive swimming pools. It additionally displays forensic work throughout 4 EVM chains.
What the Revised Figure Includes
According to preliminary reviews, an attacker minted 1 billion bridged DOT tokens and liquidated your entire quantity in a single transaction, producing 108.2 ETH (roughly $237,000).
However, the group famous that the determine didn’t replicate the whole state of affairs.
“Following reconciliation of attacker exercise throughout every of the 4 chains, the two-phase nature of the assault, and losses from the related incentive swimming pools, the revised whole realized loss is roughly $2.5 million, denominated in ETH and DOT on the time of the exploit,” the blog learn.
Follow us on X to get the newest information because it occurs
The evaluation additionally clarified the sequence of occasions resulting in the breach. What seemed like a single exploit was the truth is two linked occasions about an hour aside.
The attacker initially extracted approximately 245 ETH from the Token Gateway contract. Roughly an hour later, they carried out unauthorized minting of practically 1 billion bridged DOT tokens.
These have been subsequently offloaded into out there liquidity throughout decentralized exchanges.
“On April 13, 2026, an attacker exploited a vulnerability within the Merkle Mountain Range (MMR) proof verification logic, permitting the wrongdoer to mint property and drain escrowed property on Token Gateway. This affected DOT token swimming pools on related EVM networks: Ethereum, Base, BNB Chain, and Arbitrum,” the group defined.
The group emphasised that the exploit remains contained throughout the Token Gateway and the impacted bridged token contracts on the EVM networks.
Hyperbridge Recovery Path and Compensation
The weblog revealed that a good portion of stolen funds has been traced to Binance. Hyperbridge mentioned it’s working with the change’s compliance group and regulation enforcement on asset freezes. The group cautioned that significant restoration might take months to a 12 months.
If restoration falls quick, affected customers might be made entire in BRIDGE tokens, the native asset of the Hyperbridge community. The compensation mechanism and disbursement schedule might be shared on April 13, 2027, precisely one 12 months after the exploit.
“Pursuing restoration first, earlier than any token-based compensation, is in service of affected customers. Issuing token compensation prematurely, earlier than on-chain tracing, change compliance processes, and regulation enforcement coordination have been given the time they should produce outcomes, would dilute the very asset we’re committing to affected customers and scale back the actual worth they in the end obtain,” Hyperbridge talked about.
The group added that the Token Gateway stays paused and won’t resume operations till the vulnerability is totally patched, the repair has undergone an unbiased audit with the report made public, and extra safeguards are carried out and operational. The coming months will check whether or not Hyperbridge can recover a meaningful share of the stolen funds.
The submit Hyperbridge Confirms Bridged Polkadot Exploit Was 10x Worse Than First Reported appeared first on BeInCrypto.
