Polkadot steadies after Hyperbridge loss reset

Polkadot’s token regained some ground after Hyperbridge sharply raised the estimated damage from its April 13 Token Gateway exploit to about $2.5 million, a revision that deepened scrutiny of cross-chain infrastructure even as the network behind DOT moved to contain concern by stressing that native DOT was not compromised. Hyperbridge said the breach was confined to bridged DOT and related pools on Ethereum, Base, BNB Chain and Arbitrum, while Polkadot-linked channels indicated the main network and unbridged holdings were unaffected.

The new loss figure is roughly ten times higher than the first public estimate of about $237,000. Hyperbridge said the earlier number reflected only the visible sell-off of bridged DOT on Ethereum in the immediate aftermath of the attack. A broader reconciliation across four chains, the discovery of a two-phase attack pattern, and losses tied to incentive pools pushed the realised total substantially higher. The project said an initial extraction of about 245 ETH from Token Gateway was followed around an hour later by the main exploit, which allowed forged messages to mint assets and drain escrowed funds.

That sequence matters because it has shifted the story from what at first looked like a damaging but contained bridge incident into a wider warning about how fast assumptions can break down in decentralised finance when cross-chain systems fail. Hyperbridge attributed the breach to a flaw in Merkle Mountain Range proof verification logic, saying the weakness enabled forged cross-chain messages. CoinDesk reported at the outset that the attack bypassed state proof validation on the bridge contract and granted control over the bridged DOT token on Ethereum, leading to the minting of around 1 billion bridged DOT, though the attacker was able to realise only a fraction of that nominal amount because liquidity was thin.

The distinction between bridged and native assets has been central to the market response. Hyperbridge said the exploit remained isolated to Token Gateway and the affected bridged token contracts on EVM networks. It added that users holding native DOT on Polkadot, or DOT bridged through other providers, did not need to take action. That message appears to have helped calm broader fears over the integrity of Polkadot itself, even as the episode exposed the reputational risk that bridge failures can create for the ecosystems attached to them. DOT was trading around $1.28 on Saturday, with a daily range of $1.26 to $1.34, showing a degree of stability after the initial shock.

Even so, the incident has reopened a familiar argument in crypto markets: whether the industry’s push for interoperability is moving faster than its security discipline. Hyperbridge defended the broader idea behind proof-based bridging, arguing that the sector has lost more than $2.8 billion to bridge exploits over the last two years and that many of those failures stemmed from compromised signers, multisig breakdowns or trusted committees rather than cryptographic verification itself. The project said the lesson from this breach was not to abandon proof-based design but to subject verification logic to more frequent audits and more aggressive adversarial testing.

Pressure is now building around compensation and accountability. Hyperbridge said all bridging through Token Gateway remains paused and that it is working with outside security auditors, forensics partners and exchange compliance teams before any relaunch. It also said some stolen funds have been traced on-chain to Binance and that recovery efforts are under way. In a separate notice, the project offered a voluntary return window until April 30, 2026, saying wallets that return withdrawn funds within that period would face no further action. If recovery efforts fall short, Hyperbridge has said unrecovered user losses would be covered through a BRIDGE token-based mechanism, with fuller details to be shared later.

That proposed remedy has already triggered debate inside the wider Polkadot community. A discussion on the Polkadot forum argues that affected liquidity providers were drawn into a treasury-backed campaign linked to Hyperbridge and that a structured recovery loan in DOT should be considered. The argument is less about creating a blanket bailout model than about defining responsibility when an ecosystem-endorsed product fails after users were actively encouraged to supply liquidity. Whether that idea gathers support or not, it shows how quickly a technical exploit can become a governance and confidence test for a network’s broader community.