Overview
- Hyperbridge raised its estimate of realized losses to about $2.5 million after a full review of the April 13 Token Gateway exploit.
- In bridge systems that mint token copies on other networks, a bug in Hyperbridge’s Merkle Mountain Range proof check let the attacker forge a message and mint roughly 1 billion fake DOT.
- The theft unfolded in two stages as the attacker first withdrew about 245 ETH, then dumped the unauthorized DOT into thin decentralized exchange liquidity.
- Damage was limited to bridged token contracts on Ethereum, Base, Arbitrum, and BNB Chain, and the team said native DOT on Polkadot was not affected.
- Hyperbridge paused bridging and is working with Binance and law enforcement to recover funds, and it may allocate BRIDGE tokens to cover any shortfall given a recovery timeline that could stretch months.