Polkadot’s DOT fell about 6% after blockchain security firm CertiK reported that an exploit of the Hyperbridge cross-chain gateway on Ethereum enabled the minting of 1 billion unauthorized DOT tokens. The token briefly dropped to $1.16 before recovering.
Key Points
- CertiK reported a replay vulnerability in the Hyperbridge gateway that allowed the creation of 1 billion unauthorized DOT tokens on Ethereum.
- DOT’s price declined roughly 6% to $1.16 before rebounding.
- The incident involved Ethereum-based representations of DOT issued by a bridge, not Polkadot’s native chain.
What Happened
According to CertiK, the attacker exploited a replay flaw affecting Hyperbridge, a cross-chain gateway that issues bridged versions of assets on destination networks such as Ethereum. Replay vulnerabilities occur when a valid message or transaction can be maliciously reused in another context due to insufficient domain separation or nonce verification. In this case, the weakness reportedly enabled the unauthorized minting of 1 billion DOT tokens on Ethereum.
Bridged tokens are representations of assets on non-native networks. When a bridge is compromised, attackers can create unbacked tokens on the destination chain, undermining the peg and potentially impacting liquidity and collateral systems that accept the affected asset.
Market Reaction
Following the disclosure, DOT slipped around 6% to an intraday low near $1.16 before recovering. Incidents that inflate the supply of bridged tokens can pressure decentralized exchanges, liquidity pools, and protocols that rely on the bridged asset as collateral on the impacted chain.
Bridge Security in Focus
Cross-chain bridges remain a prominent target for exploits because they custody assets and facilitate token issuance across networks. Strong replay protections, message validation, and ongoing audits are essential to prevent unauthorized minting or withdrawals. The reported Hyperbridge breach underscores persistent risks in cross-chain infrastructure and the importance of rapid incident response to limit downstream market impact.
Further technical details and remediation steps had not been publicly detailed at the time of publication.