Polkadot Finally Responds to Fake 1B DOT Mint as Hacker Dumps Stash

Key Insights:

• Polkadot confirmed that the Hyperbridge Ethereum gateway issue affected only bridged DOT, not native ecosystem assets or parachains.
• The exploit resulted in a loss of $237,000 as the attacker minted 1 billion bridged DOT. That’s more than 2,800x the legitimate circulating supply.
• Hyperbridge halted bridging work as it investigated the Solidity logic Merkle Mountain Range verification vulnerability.

On April 13, 2026, Polkadot released a statement following the identification of a security incident within Ethereum gateway contract in Hyperbridge. The company verified that bridged DOT tokens on Ethereum were affected by an exploit.

Polkadot Address Issues Around Hyperbridge Exploit

It read, “We’re aware of an issue affecting Hyperbridge’s Ethereum gateway contract.” The update made it clear that the problem was confined only to a specific area. It didn’t breach the entire Polkadot network.

The team added, “The exploit only affects DOT on Ethereum that is bridged through Hyperbridge and does not affect DOT in the Polkadot ecosystem, or DOT bridged through other bridges.”

Thus, one can say that the event did not affect Native DOT on the relay chain, parachains, and other ecosystems. However, the Polkadot crypto price plunged significantly after the hack, dropping by 4.77% to $1.16 at press time.

As a precautionary measure, bridging services linked to the affected contract were suspended. Polkadot commented, “Hyperbridge has been paused while the issue is investigated.” The pause came immediately after the suspicious activity seized attention.

Furthermore, Hyperbridge published an incident breakdown detailing the exploit and its aftermath. It said, “On April 13, 2026, a vulnerability in Hyperbridge’s Token Gateway was exploited, resulting in approximately $237,000 in losses on Ethereum.”

The platform emphasized that several cross-chain systems rely on sets of validators or multisignature approvals, creating trust dependencies. It further observed that these types of designs have been associated with cumulative bridge losses exceeding 2 billion in the industry.

What Led to the Security Breach?

Hyperbridge added that its architecture aims to reduce these risks by using cryptographic proofs from the blockchain rather than centralized groups of approvers. Hence, the report suggests that it was not a failure of the cryptographic model that led to this crypto hack.

Rather, it was a bug in the Solidity-based Merkle Mountain Range proof verification logic. This vulnerability was found in the Merkle tree verifier implementation, which was intended to replicate upstream Polkadot logic. The flaw invalidates proofs that the system incorrectly validates.

It was this verification failure that allowed a malicious message to bypass security checks. It then provided the hacker with administrative access to the bridged DOT token contract on Ethereum. The exploiter then minted 1 billion bridged DOT tokens. This number exceeded the legitimate circulating supply of approximately 356,000 tokens by more than 2,800 times.

The new tokens were quickly transferred into decentralized trading platforms and sold. Thus, Hyperbridge affirmed that it remains in contact with its security partners to trace the flow of funds and identify the path to recovery. Moreover, the protocol promised to share further updates as the investigation progresses.

The post Polkadot Finally Responds to Fake 1B DOT Mint as Hacker Dumps Stash appeared first on The Coin Republic.