Bridged DOT on Ethereum Exploited After 1 Billion Tokens Minted

Polkadot Bridged DOT on Ethereum Exploited – Attacker Mints and Dumps 1 Billion Tokens

Key Takeaways

• An attacker minted 1 billion bridged DOT tokens on Ethereum after gaining unauthorized admin control.
• The entire minted supply was dumped in a single transaction, generating 108.2 ETH, worth about 237,000 US dollars.
• The exploit targeted the Hyperbridge gateway contract and a bridged representation of DOT, not Polkadot’s native relay chain.
• Neither Polkadot nor Hyperbridge had issued an official response at the time of reporting.

Exploit Targets Bridged DOT Token on Ethereum

Polkadot’s bridged DOT token on the Ethereum network has reportedly been exploited. According to onchain tracker Lookonchain, an attacker minted 1 billion bridged DOT tokens and immediately sold the entire amount in a single transaction.

The sale generated 108.2 ETH, valued at approximately 237,000 US dollars at the time of reporting. Following the minting and sell off, the price of the bridged DOT token reportedly fell from 1.22 US dollars to fractions of a cent.

The incident involved a wrapped or bridged representation of DOT on Ethereum rather than the native DOT token issued on Polkadot’s own relay chain. Bridged tokens are typically used to enable interoperability between blockchains, allowing assets from one network to circulate on another.

Admin Role Manipulated via Forged Message

Blockchain security firm CertiK flagged the exploit as targeting the Hyperbridge gateway contract. According to CertiK, the attacker used a forged message to gain unauthorized control over the system.

Specifically, the attacker was able to manipulate the admin role of a Polkadot token contract deployed on Ethereum. By obtaining admin level permissions, the attacker could mint new tokens without restriction. This led to the creation of 1 billion bridged DOT tokens.

Once minted, the attacker immediately sold the full supply in a single transaction. The rapid mint and dump sequence significantly reduced the token’s market price within a short period.

The method described by CertiK indicates that the exploit was not based on gradual accumulation or trading strategies but on direct contract level control. The forged message reportedly enabled the attacker to alter administrative permissions tied to the token contract.

No Impact on Polkadot Relay Chain or Native DOT

Available reports state that the attack did not compromise Polkadot’s native relay chain. The core network and the original DOT token on Polkadot were not affected by the exploit.

Instead, the incident was limited to the bridged version of DOT operating on Ethereum. This distinction is important for users who hold DOT directly on the Polkadot network, as the reported vulnerability involved a separate contract environment.

Bridged tokens function through smart contracts that lock or mirror assets across chains. As a result, they depend on the security of gateway contracts and cross chain messaging mechanisms. In this case, the Hyperbridge gateway contract was identified as the point of failure.

Onchain Data and Security Firms Flag the Incident

The exploit was first highlighted by onchain tracking accounts and later flagged by blockchain security firm CertiK. According to Lookonchain, the minting and dumping activity occurred within a short timeframe, with the full 1 billion token supply sold in one transaction.

A public post cited in reports stated that the bridged DOT token was exploited on Ethereum and that the admin role had been changed to an attacker controlled contract. The post also noted the immediate minting of 1 billion tokens and the subsequent collapse in price.

At the time of writing, neither Polkadot nor Hyperbridge had issued an official statement addressing the incident. The situation was described as developing, with further updates expected as more information becomes available.

Market Relevance for Cross Chain Token Holders

The exploit highlights the risks associated with bridged or wrapped tokens that operate across multiple blockchains. While the native Polkadot network was not compromised, the Ethereum based representation of DOT experienced severe price disruption following the unauthorized minting.

For users holding bridged assets, the incident underlines that security considerations extend beyond the original blockchain. The integrity of gateway contracts and cross chain communication mechanisms plays a central role in maintaining token supply controls.

In this case, the unauthorized change of the admin role enabled the creation of a large token supply that did not previously exist. The subsequent sell off converted the newly minted tokens into 108.2 ETH before the market price adjusted.

Our Assessment

Based on the reported facts, the exploit affected only the bridged DOT token on Ethereum and did not compromise Polkadot’s native relay chain or the original DOT token. The attacker gained control over the token contract’s admin role through a forged message, minted 1 billion tokens, and sold them in a single transaction for 108.2 ETH.

The incident centers on the Hyperbridge gateway contract and its associated Ethereum deployment. At the time of reporting, no official response had been issued by Polkadot or Hyperbridge. The event underscores the operational and security differences between native blockchain assets and their bridged representations on external networks.