Cross-chain attack on Polkadot - $1.1 billion lost

When the gaps exceed the available liquidity

A cryptocurrency attacker generated approximately $1.1 billion worth of assets linked to Polkadot via an Ethereum bridge, but ultimately only recouped around $237,000, illustrating a common trend in modern attacks: the gap between theoretical value and actual liquidity.

This incident highlights both the fragility of cross-chain infrastructure and the increasing difficulty in converting large-scale attacks into usable capital.

In theory, the attacker created over a billion dollars worth of assets. In reality, that value never existed in a form that could be monetized.

These bridges rely on asset representations rather than actual liquidity. When those representations are manipulated, the resulting tokens may appear valuable within the system, but lack the necessary depth to exit. As soon as an attacker attempts to sell, liquidity constraints become binding.

Forged evidence passed the verification process

The root cause was a vulnerability in Hyperbridge's Ethereum gateway contract, specifically in its proof-of-state verification logic. The attacker created a forged cross-chain message (exploiting a vulnerability related to replay or MMR) to bypass the proof-of-state verification process. This allowed them to temporarily control the governance of the connected DOT token contract on Ethereum.

• After gaining control, the attacker created 1 billion linked DOT tokens in a single transaction — approximately 2,800 times the legal supply of DOT at the time.

• The counterfeit tokens were routed through Odos Router V3 and dumped into the Uniswap V4 DOT-ETH pool.

• Massive selling pressure immediately caused the price of DOT connected to Ethereum to collapse (from around $1.22 to near zero), but the limited liquidity kept the actual profit to around 108 ETH.

Hyperbridge quickly paused operations on the affected port to prevent the incident. Importantly, this vulnerability was limited to connected DOT on Ethereum. Native DOT on the Polkadot relay chain, parachains, and other bridges remained secure and unaffected.

Why are attackers still facing difficulties ?

Despite the massive scale of the attack, the attacker still faced familiar constraints when attempting to exit. Large positions could not be liquidated without sufficient market depth, functioning liquidity pools, and counterparties willing to absorb the supply.

In most attack scenarios, these conditions do not exist. As a result, the attacker is forced to sell off small portions, accept high slippage, or abandon a large portion of the assets created entirely. This creates a paradox where attacks may seem huge in terms of headlines but are not economically viable.

An increasingly sophisticated defense system

The limited profit-taking also reflects an improvement in the ecosystem's response. As soon as unusual money-making activity is detected, protocols and exchanges can freeze affected assets, halt bridging activities, and block deposits related to the attack.

This reduces the time it takes for an attacker to convert assets into fiat currency or stablecoins. Over time, this has made large-scale attacks harder to profit from, even if they are still technically feasible.

Our review

Hyperbridge has temporarily suspended the vulnerable payment gateway and is expected to provide a detailed report following the incident, including any remediation or compensation plans. The attacker's identity has not been publicly disclosed, and funds are still traceable on the chain. For traders and fund allocators: Closely monitor DOT price movements and the liquidity of connected assets in the coming days.

The broader market focus remains on institutional capital flows (Strategy's latest BTC buy, Morgan Stanley's MSBT ETF), strong on-chain Ethereum indicators, and macroeconomic developments. Bridge attacks like this are a timely reminder of the need to handle cross-chain assets with appropriate risk premiums. In the context of an increasingly connected blockchain, the Hyperbridge incident underscores a simple truth: theoretical value created from nothing only truly has value when there is sufficient liquidity to absorb it.

Disclaimer: The information presented in this article is the author's personal opinion in the field of cryptocurrency. This is not financial or investment advice. All investment decisions should be based on careful consideration of your personal portfolio and risk tolerance. The views expressed in this article do not represent the official stance of the platform. We recommend that readers conduct their own research and consult with experts before making any investment decisions.

Compiled and analyzed by HCCVenture

Follow HCCVenture here: https://link3.to/holdcoincventure

Explore HCCVenture group

HCCVenture © 2023. All rights reserved.

About us

Clause

Privacy Policy

Connect with us

→ Strategic partner

→ Media Relations

→ Investors

Popular content

News

Market Analysis

→ On-chain Data

→ Market Report

→ ETFs Cash Flow

Strategic Insights

→ Project perspective

→ Trading floor

Share knowledge

Contact to us

E-mail : sp_contact@hccventure.com

Register : https://linktr.ee/holdcoincventure

Disclaimer: The information on this website is for informational purposes only and should not be considered investment advice. We are not responsible for any risks or losses arising from investment decisions based on the content here.

TERMS AND CONDITIONS • CUSTOMER PROTECTION POLICY

ANALYTICAL AND NEWS CONTENT IS COMPILED AND PROVIDED BY EXPERTS IN THE FIELD OF DIGITAL FINANCE AND BLOCKCHAIN ​​BELONGING TO HCCVENTURE ORGANIZATION, INCLUDING OWNERSHIP OF THE CONTENT.

RESPONSIBLE FOR MANAGING ALL CONTENT AND ANALYSIS: HCCVENTURE FOUNDER - TRUONG MINH HUY

Read warnings about scams and phishing emails — REPORT A PROBLEM WITH OUR SITE.