Liquidity constraints capped a 1 billion token mint at $237,000

The haul from a 1 billion token mint was capped at 108.2 Ethereum, or approximately $237,000, because of limited liquidity in the bridged DOT pool. A hacker inserted a forged message into the Hyperbridge cross-chain gateway, which bypassed state-proof verification in the smart contract. This allowed the attacker to seize administrative control of the Polkadot token contract on Ethereum and mint 1 billion bridged DOT tokens. The attacker then liquidated the tokens into the pool, but the fake supply crashed the price of the bridged representation. The broader Polkadot ecosystem and native DOT tokens were not impacted. Hyperbridge had marketed itself as a proof-based interoperability layer offering full node security for cross-chain bridges. Blockchain security firm Blocksec Falcon identified the likely root cause as a Merkle Mountain Range proof replay vulnerability caused by missing proof-to-request binding. The attacker walked away with approximately $237,000.