Hyperbridge raises Token Gateway losses to $2.5M
Hyperbridge says losses from its April 13 Token Gateway exploit total about $2.5M after an attacker forged a cross‑chain message to mint about 1 billion bridged DOT and sell them across several EVM chains.
Hyperbridge updated its estimate for the April 13 Token Gateway exploit to about $2.5 million. The protocol reported the attacker forged a cross‑chain message to mint roughly 1 billion bridged DOT and sold those tokens across multiple EVM networks.
The incident unfolded in two stages, according to the post‑incident update. An initial withdrawal removed about 245 ETH. Roughly an hour later, the attacker exploited a gap in message verification to bypass Merkle Mountain Range proof checks and mint the bridged DOT. Hyperbridge’s earlier loss estimate of about $237,000 reflected a narrower accounting that did not include drained incentive pools on other chains.
The revised figure adds losses from incentive pools on Ethereum, Base, BNB Chain and Arbitrum. The breach was limited to Hyperbridge’s Token Gateway and the bridged DOT contracts on the affected EVM networks. Native DOT on the Polkadot network and tokens bridged through other providers were not affected.
Bridging through Token Gateway remains paused. Services will resume only after a patch is deployed, an independent audit is completed, and the fix is publicly released, the update states.
A significant portion of the exploited funds has been traced onchain and routed to Binance. Hyperbridge is coordinating with Binance’s compliance unit and with law enforcement while withholding operational details as investigations proceed.
The team warned that recovery work can take months and in some cases up to a year. If recovery efforts fall short, Hyperbridge plans to allocate its native BRIDGE token to cover remaining user losses, with a structured distribution to begin one year after the exploit.
Engineers are finalizing a patch that targets the verification logic exploited in the attack. The fix is intended to address the broader class of verification vulnerabilities rather than a single failure point. The update notes that proof‑based bridge designs remain the approach used by the protocol and cites more than $2.8 billion in industry losses over the past two years tied mainly to compromised signers and multisig setups.
Hyperbridge is preparing a public postmortem once investigations and audits allow. Users who bridged assets via Token Gateway are asked to wait for further updates and not to attempt manual recovery steps.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.
Articles by this author
