The DeFi ecosystem saw another bridge vulnerability exploit on 13th April 2026.
Hackers exploited the Hyperbridge gateway to mint over 1 billion fake Polkadot (DOT) tokens on Ethereum. Hackers dumped tokens into a shallow liquidity pool, profiting $237,000.
Background Behind the Polkadot (DOT) Hack
After investigating the incident, security firms confirmed that the attackers pulled it off by forging cross-chain messages through Hyperbridge.
This bridge connects Polkadot to Ethereum. Perpetrators tricked the system into gaining admin rights over the DOT token contract on Ethereum.
Once inside, they minted 1 billion fake DOT tokens. The hackers executed and ended the attack in just minutes. Then the attackers offloaded everything into low-liquidity pools.
The extreme slippage resulting from the dump sent the token’s price spiraling down, and the hackers were only able to walk away with $237,000 in profit.
The native relay chain of Polkadot remained untouched, and hackers were not able to mint any real tokens. No supply dilution happened, but it did not prevent the chaos from spreading.
South Korean exchanges, Upbit and Bithumb, suspended DOT deposits and withdrawals to protect users from fake tokens. Currently, people are raising concerns over how the breach could negatively affect Polkadot.
This event highlights the potential risks of cross-chain infrastructure. Even bridges that many assume are secure can succumb to exploits.
Mindboggling Crypto Exploits Over the Past Year
The latest attack is just one of many such incidents over the past year. There were brutal losses across the crypto space last year, with major breaches taking place month after month. January kicked off with a $73 million Phemex hot wallet hack.
February delivered the biggest blow: Bybit lost $1.4 billion from a compromised multisig. In March, Abracadabra lost $13 million to a liquidation flaw. Then came April’s UPCX key compromise that led to the loss of $70 million.
In addition, Cetus Protocol’s $223 million integer overflow hack happened in May. But it was not the end. Nobitex experienced a breach in June due to compromised keys, with the perpetrators walking away with $90 million.
Reports surfaced about a CoinDCX server breach in July that cost the protocol $44 million. BtcTurk’s private key got leaked in August, with hackers swiping $48 million. Then, in September, we saw SwissBorg lose $41.5 million to a supply chain attack.
