Bridged DOT Exploited on Ethereum as Attacker Mints 1B Tokens

Bridged DOT on Ethereum was exploited after a forged message altered control of the token contract, allowing a rogue mint and an immediate selloff in the wrapped asset. The incident appears confined to the Ethereum-side representation rather than Polkadot's native chain, but it is a sharp reminder that bridge security depends on who controls the contract that can create supply.

The critical on-chain receipt tied to the incident shows a zero-address Transfer equivalent to 1,000,000,000 bridged DOT on Ethereum, while CertiK Alert estimated roughly ~$237K in realized profit from the dump.

What Happened in the Bridged DOT Exploit

CertiK Alert said it saw an exploit on Hyperbridge's gateway contract and wrote that "The attacker slipped through a forged message to change the admin of Polkadot token contract on Ethereum."

#CertiKInsight 🚨

We have seen an exploit on the @hyperbridge gateway contract. https://t.co/h27iDm1JGd

The attacker slipped through a forged message to change the admin of Polkadot token contract on Ethereum and profited ~$237K from minting and selling 1B tokens.

Stay… pic.twitter.com/3t2n4uq5hy

— CertiK April 13, 2026

Control Was Swapped

The confirmed part of the exploit path is the admin change on the Ethereum-side Polkadot token contract. A single Telegram report described that sequence as control being swapped to the attacker's contract, but that phrasing remains unconfirmed; the sourced claim is that a forged message changed admin rights.

How 1B DOT Was Minted

The cleanest on-chain checkpoint is transaction 0x240aeb9a8b2aabf64ed8e1e480d3e7be140cf530dc1e5606cb16671029401109, which succeeded at 2026-04-13T03:55:23.000Z. On the same Skylens transaction page, the receipt shows a zero-address Transfer equivalent to 1,000,000,000 bridged tokens at 18 decimals, indicating the forged admin change was followed by a mint on Ethereum.

CertiK Alert estimated the attacker realized about ~$237K by minting and selling the forged bridged supply.

Crypto Briefing's incident summary said the attacker dumped the minted bridged DOT on Ethereum and that native Polkadot was not directly affected.

Why an Ethereum-Side Bridge Compromise Is So Serious

Smart Contract Control Risk

The core security failure is the combination of a forged message and an admin change on the Ethereum token contract. When a bridge loses control at that layer, the wrapped asset's validity depends less on reserves and more on whether the mint authority itself has been compromised, a risk Ethereum users also weigh when following infrastructure flows like ETH staking: 18,000 ETH sent through Kiln.

Token Supply Risk

The market consequence comes from the forged supply, not just the exploit headline. Because the same exploit path is tied to the zero-address mint on CertiK's linked transaction page, liquidity providers and traders have reason to question whether the Ethereum-side token still reflects redeemable value or only compromised contract state.

What is not established yet is the full downstream damage. The materials reviewed for this article did not include an official Hyperbridge or Polkadot postmortem, so it would be premature to claim total losses, recovery status, or wider contagion beyond the wrapped Ethereum-side token.

CoinMarketCap's market-reaction report said DOT fell 4% to $1.19 as traders processed the exploit, while also stressing that the affected instrument was a wrapped asset rather than native DOT.

What Users and Markets Will Watch Next

Containment and Contract Authority

The next questions are practical: whether the affected contracts were paused, whether legitimate control over the Ethereum-side token contract can be restored, and whether venues that touched the forged supply will freeze or invalidate those tokens. Those answers require protocol statements, and none were included in the materials reviewed here.

Liquidity and Market Impact Monitoring

Traders will likely watch the venues that handled the dump, any follow-up statements from Hyperbridge or Polkadot, and whether the bridge exploit stays isolated or feeds broader risk aversion. That wider backdrop is already visible in DeFi Liban's Top 5 crypto news in the last 24 hours and its analysis of the BTC short liquidity cluster above $74K, both of which show how quickly positioning can shift when markets are already fragile.

Early exploit reports often become more precise as teams trace message paths, admin permissions, and venue exposure. For now, the confirmed facts are narrower: Hyperbridge's gateway contract was reportedly exploited, an admin change hit the Polkadot token contract on Ethereum, and the bridged asset's supply integrity was broken on the Ethereum side.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets carry significant risk. Always do your own research before making decisions.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.