Polkadot Hyperbridge April Fools’ joke comes true as over 1 Billion fake DOT tokens were minted on Ethereum

Dijital varlık piyasalarında kritik bir gelişme söz konusu. Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets. While the direct financial losses from the exploit were relatively contained, the incident has sent shockwaves through the Polkadot ecosystem, driving the network's DOT native token toward its all-time low amid broader market anxieties regarding cross-chain security.

Related Reading Polkadot ecosystem thriving with $210 million treasury amid record transactions in 2024 Polkadot's ecosystem thrives with new interoperability solutions, as its Treasury marks a significant financial milestone. Dec 31, 2024 Oluwapelumi Adejumo Anatomy of the Hyperbridge exploit Security experts explained that the vulnerability resided in how Hyperbridge’s contracts validated incoming cross-chain messages before passing them along to the token gateway. Blockchain security firm BlockSec Phalcon identified the root cause as a “Merkle Mountain Range (MMR) proof replay vulnerability.

Piyasa Dinamikleri

” This is essentially a cryptographic blind spot that allowed the attacker to recycle old, valid security proofs and attach them to malicious, newly crafted requests. At the core of the breach was a missing input validation within the system's `VerifyProof()` function. In standard cross-chain operations, a bridge must verify that a request originating on one blockchain is authentic before executing a corresponding action, such as minting tokens, on another.

In this instance, the Hyperbridge contract failed to properly bind the submitted request payload to the validated proof. The system merely checked that a request hash had not been used before, without verifying if the proof actually matched the message it was supposed to authenticate. By manipulating the index parameters, the attacker bypassed the system's root computation entirely.

This disconnect enabled the hacker to forge a valid cross-chain message, elevate their privileges to administrator status, and command the contract to mint 1 billion DOT tokens on Ethereum. Meanwhile, the primary token minting was preceded by an initial, quieter attack. On-chain analyst Specter noted that roughly an hour before the massive DOT fabrication, an attacker exploited a related TokenGateway contract to siphon 245 ETH, worth approximately $537,000.

Piyasalara Etkisi

Polkadot-Based Hyperliquid's Exploit (Source: Specter) These funds were rapidly fragmented, distributed across 15 separate wallet addresses in increments of roughly 16. 4 ETH, and laundered through the privacy protocol Tornado Cash . How shallow market depth mitigated the damage While the minting of 1 billion tokens usually signals a catastrophic, protocol-killing event, the attacker was thwarted by the very mechanics of decentralized finance: market depth.

When a hacker steals assets, they typically swap them into an automated market maker (AMM) liquidity pool for a more liquid, stable asset, such as Ethereum or a stablecoin. A liquidity pool prices assets based on the ratio of tokens held within it. In this scenario, the bridged DOT pool on Ethereum was relatively shallow.

When the attacker attempted to dump 1 billion forged tokens into the pool to extract ETH, the sheer volume of the sell order immediately overwhelmed the available liquidity. As a result, the algorithm, rebalancing the ratio, drastically reduced the price of bridged DOT from $1. 22 to tiny fractions of a cent within milliseconds.

Blockchain ekosistemindeki bu gelişme, dijital varlık piyasalarını şekillendirmeye devam ediyor. Uzmanlar, konunun yakın vadeli etkilerini mercek altına alıyor.