Meet the Top 101 in Crypto
News
5 min read

DOT Exploit Shock: 1 Billion Tokens Minted, Dumped in Minutes

Published 13 April 2026
Prashant Jha
Authors
Edited by Insha Zia

Key Takeaways

  • Hackers exploited the Hyperbridge gateway on Ethereum, forging messages to gain admin rights over a Polkadot-linked token contract.
  • They minted roughly 1 billion fake DOT tokens and rapidly dumped them into low-liquidity pools, earning about $237,000 in profit.
  • Native Polkadot chain stayed secure with no supply impact, though the event triggered temporary trading suspensions.

In a display of cross-chain bridge fragility, hackers exploited a vulnerability in the Hyperbridge gateway on April 13, 2026, minting approximately 1 billion fake DOT tokens on the Ethereum mainnet. 

The attackers quickly dumped the newly created supply into shallow liquidity pools, extracting roughly $237,000 in profit before the market reacted.

Sponsored
Disclosure
Opened in 2018
Promotions
Deposit $100, Get an Extra $300 in GOLD!
Coins
Shiba Inu Bitcoin PAX Gold Ampleforth Ethereum +70
Promotions
Receive up to $100,000 worth of exclusive gifts for newcomers upon registration.
Coins
Bitcoin Ethereum Tether USD Coin Solana +76
Opened in 2017
Promotions
Experience a 1-minute swap on a non-custodial platform.
Coins
Bitcoin Ethereum Tether Build'N'Build USD Coin +217
Show More

It’s 2026, but Bridge Exploits Still Haunt DeFi

Security firms confirmed the incident, describing it as a targeted manipulation of a Polkadot-linked token contract on Ethereum.

The exploit unfolded rapidly as hackers first forged cross-chain messages via the Hyperbridge gateway, a bridge that connects Polkadot’s ecosystem to Ethereum and other chains. 

This allowed them to seize administrative control over the DOT ERC-20 token contract deployed on Ethereum.

Once in control, they minted the massive 1 billion token supply out of thin air. 

DOT token.
DOT’s token supply increased by 1 billion. Credit: X.

Within minutes, the attackers offloaded the tokens into available DEX liquidity pools, primarily on Ethereum, triggering an immediate price collapse due to extreme slippage and thin order books. 

On-chain charts captured the frenzy: a brief vertical spike in the fake DOT token’s price and volume followed by a near-total wipeout, highlighting how low liquidity amplified the dump’s efficiency for the attackers but limited broader extraction.

Native Polkadot’s DOT token on its relay chain remained untouched.

The incident targeted only the Ethereum-side representation of DOT via the Hyperbridge infrastructure—not the core Polkadot blockchain or its native supply. 

Still, the event sent ripples through the market.

South Korean exchanges Upbit and Bithumb swiftly suspended DOT deposits and withdrawals as a precautionary measure, citing potential risks arising from confusion over the fake token. 

While the real DOT price experienced only mild volatility amid the broader crypto sentiment, the exploit underscored persistent fears around bridged assets and cross-chain security.

Traders and holders expressed concerns on social platforms about reputational damage to Polkadot’s interoperability narrative, though the limited financial bleed prevented a full-scale panic sell-off.

How the Attackers Pulled It Off

The root cause lies in a flaw in Hyperbridge’s gateway contract, the component responsible for verifying and relaying messages between Polkadot and Ethereum. 

Hyperbridge, positioned as Polkadot’s native bridge for secure asset transfers, relies on cryptographic proofs and message passing to maintain trustlessness.

However, this specific gateway implementation contained a critical weakness that permitted message forgery.

Attackers crafted and submitted malicious cross-chain messages that bypassed normal validation checks.

By impersonating legitimate Polkadot-originating instructions, they manipulated the admin privileges of the DOT token contract on Ethereum. 

This granted them unrestricted minting rights, a classic “infinite mint” vector common in poorly guarded bridge contracts.

Once admin access was secured, the exploiters invoked the contract’s mint function repeatedly, generating the 1 billion tokens in a single coordinated burst. 

The entire sequence from message forgery to minting and dumping occurred in minutes, exploiting the speed of Ethereum’s execution environment before any automated alerts or manual intervention could halt it.

Experts note that this mirrors past bridge exploits in which verification logic fails under crafted inputs, allowing unauthorized control over downstream token contracts. 

Hyperbridge’s design emphasizes Polkadot’s shared security model, but the gateway’s Ethereum-side integration apparently introduced an exploitable surface.

No core Polkadot consensus or relay chain was compromised, isolating the damage to the bridged Ethereum representation.

The Massive Dump

The massive supply was dumped into extremely shallow liquidity pools for the Ethereum-based DOT token, resulting in immediate, severe slippage.

What began as a theoretical multi-million-dollar mint quickly evaporated in value as the price cratered under selling pressure.

Liquidity providers and any unsuspecting buyers absorbed the bulk of the immediate losses, though the thin pools meant total extracted value stayed modest.

The broader Polkadot ecosystem suffered no direct token inflation or reserve drain on its native chain.

Real DOT holders saw no dilution of supply, and the Polkadot relay chain’s security model held firm. 

However, indirect costs emerged:

  • Temporary trading suspensions on major exchanges.
  • Heightened scrutiny of bridged assets.
  • Short-term dips in market confidence for DOT.
  • CertiK’s analysis pegged the profit at $237,000, emphasizing that low liquidity acted as a natural brake on larger theft.

This incident serves as a stark reminder of ongoing risks in cross-chain infrastructure, even for bridges touted as secure.

While the dollar figure appears small relative to billion-dollar DeFi exploits of the past, the speed and simplicity of the attack highlight why message verification and admin controls remain high-priority audit targets. 

Polkadot and Hyperbridge teams have yet to issue patches and enhanced monitoring.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status