- Attacker minted 1B DOT and dumped the entire supply for 108.2 ETH ($237K).
- The exploit used forged cross-chain messages via Hyperbridge to gain admin control.
- Mint size reached 2,800x the reported supply of the affected contract.
Polkadot (DOT) has been hit by a cross-chain exploit after an attacker minted 1 billion DOT tokens on Ethereum. The entire supply was dumped in a single transaction, generating 108.2 ETH, roughly $237,000.
On-chain data shows the attacker moved fast. The tokens were minted and swapped immediately, leaving no time for intervention. The scale of the mint was extreme, exceeding 2,800 times the reported circulating supply of approximately 356,000 DOT on the affected contract.
The funds were routed to an externally owned wallet after passing through decentralized liquidity pools.
Hyperbridge Vulnerability Identified
The root cause points to a flaw in the Hyperbridge gateway. The system allows communication between chains using the Interoperable State Machine Protocol.
The attacker forged a cross-chain message and bypassed verification checks. This gave control over the DOT token contract on Ethereum.
A malicious contract setup was deployed in a single transaction. A helper contract then submitted fake state proofs to the vulnerable HandlerV1 contract, allowing execution of a “ChangeAssetAdmin” function.
This action transferred admin and minting rights to the attacker. With full control, the attacker minted the tokens without restriction.
Token Dump and Market Impact
After gaining control, the attacker minted 1 billion DOT and swapped the full amount through OdosRouter and Uniswap V4 pools.
The swap produced 108.2 ETH in return, and the rapid execution limited immediate arbitrage or intervention. Despite the large mint, the profit remained relatively small due to liquidity constraints.
This shows the attacker prioritized speed over maximizing extraction. The event adds short-term pressure on sentiment. Large unauthorized mint events often trigger fear around token integrity and bridge security.
Cross-Chain Risk Back in Focus
No official mitigation update has been confirmed at the time of writing. It is unclear whether contracts have been paused or patched.
The incident brings cross-chain security back into focus. Bridges have historically been one of the largest sources of losses in crypto, with billions lost over time. The DOT exploit shows that message verification and admin control remain critical weak points.
For now, the damage is contained in value terms, but the structural risk remains. Traders will watch for follow-up exploits, fixes, and any response from the teams involved.
Related: Crypto Scam Drains $72,000 as Hackers Exploit Timing Tactics
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
