Hyperbridge hack losses jump to $2.5M; Token Gateway bridge paused
Hyperbridge hack losses have risen to $2.5M, up from the initial $237K estimate, after an updated incident report.
The Hyperbridge hack traced to a Token Gateway vulnerability used in two stages: the attacker first drained about 245 ETH, then sent a fraudulent cross-chain message that bypassed Merkle Mountain Range (MMR) proof verification. The exploit enabled minting of nearly 1 billion bridged DOT and sales into existing liquidity.
Impacted funds were concentrated in incentive pools across Ethereum, Base, BNB Chain, and Arbitrum. Hyperbridge says only the Token Gateway and related bridged token contracts were affected, with no reported impact to native DOT on Polkadot or assets bridged via other providers.
Trading/actionability for crypto traders: the bridging functionality via the Gateway has been suspended indefinitely until a patched fix and independent security audit are completed. Hyperbridge is coordinating with Binance and law enforcement for freezing/recovery, and expects restitution could take months up to a year. If recovery fails, affected users may receive BRIDGE token compensation (timed after one year from the attack).
Net takeaway: the Hyperbridge hack highlights ongoing cross-chain bridge verification risks, which can temporarily disrupt bridged asset liquidity and trader sentiment even when native tokens are unaffected.
Neutral
This update increases the reported scale of the Hyperbridge hack, but Hyperbridge states native DOT on Polkadot was not impacted. The immediate market effect is more likely localized to bridged DOT liquidity and related incentive pools, while recovery timelines (months to up to a year) can keep uncertainty elevated without directly changing native DOT fundamentals. Traders may see short-term volatility around bridged token markets, but the overall price impact on DOT itself is likely limited.