{"id":60530,"date":"2026-04-13T16:15:00","date_gmt":"2026-04-13T12:15:00","guid":{"rendered":"https:\/\/azat.tv\/en\/?p=60530"},"modified":"2026-04-13T13:51:00","modified_gmt":"2026-04-13T09:51:00","slug":"hackers-mint-dot-tokens-ethereum-exploit","status":"publish","type":"post","link":"https:\/\/azat.tv\/en\/hackers-mint-dot-tokens-ethereum-exploit\/","title":{"rendered":"Hackers Mint $237K in DOT Tokens via Ethereum Exploit"},"content":{"rendered":"<div style='background:#f7fafc;padding:15px;'>\n<p><strong>Quick Read<\/strong><\/p>\n<ul>\n<li>Hackers minted approximately $237,000 worth of DOT tokens on Ethereum via a Hyperbridge gateway exploit.<\/li>\n<li>The attack manipulated a Polkadot token contract administrator by forging messages, exploiting a gateway vulnerability.<\/li>\n<li>Polkadot confirmed native DOT assets and its core network remain unaffected; Hyperbridge has been paused.<\/li>\n<\/ul>\n<\/div>\n<p><strong>NEW YORK (Azat TV) \u2013<\/strong> Hackers exploited a vulnerability in the Hyperbridge gateway to mint and sell approximately $237,000 worth of Polkadot&#8217;s DOT tokens on the Ethereum mainnet. The exploit, first reported by blockchain security firm Certik, involved manipulating the administrator of a Polkadot token contract on Ethereum by forging messages.<\/p>\n<h2>Hyperbridge Gateway Vulnerability Exploited<\/h2>\n<p>The attack specifically targeted the Hyperbridge gateway, a cross-chain bridge that facilitates the transfer of assets between different blockchain networks. According to Certik, the attackers leveraged a flaw in this gateway to gain unauthorized control over the administrator functions of a Polkadot token contract deployed on Ethereum. This allowed them to mint new DOT tokens without proper authorization and subsequently sell them on the open market, netting a profit of roughly $237,000.<\/p>\n<h2>Polkadot Confirms Native Assets Unaffected<\/h2>\n<p>Polkadot itself has confirmed that the issue was confined to the Hyperbridge&#8217;s Ethereum gateway contract. In a statement, the blockchain protocol emphasized that native DOT tokens, as well as Polkadot&#8217;s main network and its parachains, remain entirely unaffected by the incident. This distinction is crucial, as it reassures the broader Polkadot ecosystem that the core network&#8217;s integrity has not been compromised. Hyperbridge has since been paused as an investigation into the vulnerability is underway.<\/p>\n<h2>Exchange Suspensions and Market Impact<\/h2>\n<p>In response to the exploit, two major South Korean cryptocurrency exchanges, Upbit and Bithumb, have temporarily suspended all deposits and withdrawals for DOT tokens. This measure is a precautionary step taken by exchanges to prevent further illicit activity and to allow for a clearer understanding of the situation. The relatively small financial loss, estimated at $237,000, is attributed to the low liquidity of the bridged DOT tokens on Ethereum. This suggests that while the exploit was successful, its wider market impact was contained due to the limited volume of tokens involved in the cross-chain bridge at the time of the attack.<\/p>\n<p><em>The incident highlights the persistent security challenges associated with cross-chain bridges, which, despite their utility in enhancing interoperability, remain prime targets for sophisticated cyberattacks due to their complex architecture and the significant value they secure.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>An exploit targeting a Hyperbridge gateway vulnerability allowed hackers to mint and sell $237,000 worth of DOT tokens on Ethereum. Polkadot confirmed native assets remain unaffected.<\/p>\n","protected":false},"author":1,"featured_media":-1,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"googlesitekit_rrm_CAow5Nm1DA:productID":"","footnotes":""},"categories":[24],"tags":[2522,285,55023,3028,52615,55024,55022],"class_list":["post-60530","post","type-post","status-publish","format-standard","hentry","category-it","tag-blockchain","tag-cybersecurity","tag-dot","tag-ethereum","tag-exploit","tag-hyperbridge","tag-polkadot"],"featured_image_url":"https:\/\/azat.tv\/wp-content\/uploads\/2020\/12\/1571917874general_pages_24_october_2019_i79153_osujden_saratovskii_xaker_a.jpg","_embedded":{"wp:featuredmedia":[{"id":-1,"source_url":"https:\/\/azat.tv\/wp-content\/uploads\/2020\/12\/1571917874general_pages_24_october_2019_i79153_osujden_saratovskii_xaker_a.jpg","media_type":"image","mime_type":"image\/jpeg"}]},"_links":{"self":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts\/60530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/comments?post=60530"}],"version-history":[{"count":1,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts\/60530\/revisions"}],"predecessor-version":[{"id":60544,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/posts\/60530\/revisions\/60544"}],"wp:attachment":[{"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/media?parent=60530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/categories?post=60530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azat.tv\/en\/wp-json\/wp\/v2\/tags?post=60530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}