Polkadot-based cross-chain solution Hyperbridge has encountered a major flaw that allows attackers to create more than one billion tokens without permission and quickly dump them on Ethereum, as documented by blockchain security firm CertiK.
# CertiKsight 🚨
We have seen rape on @hyperbridge gateway contract. https://t.co/h27iDm1JGd
The attacker passed a fake message to change the administrator of the Polkadot token agreement on Ethereum and gained ~$237K from minting and selling 1B tokens.
Be… pic.twitter.com/3t2n4uq5hy
– CertiK Alert (@CertiKAlert) April 13, 2026
Chain analysis shows a breach occurred on April 13 when the threat wallet gained access to control the bridge connection. He then created 1 billion DOT on Ethereum and sold the entire amount within about an hour, which caused prices to drop from around $1.22 to almost zero in the affected pools.
The descendants of the Polkadot blockchain were not directly affected.
DOT fell from $1.23 to $1.17 when the reports broke, for CoinGecko.
Hyperbridge is a Polkadot interoperability coprocessor designed to securely communicate using cryptographic state and shared credentials across shared security parachains.
This is a growing issue. We will provide more updates as they become available.
