Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Based on monitoring by CertiK Alert, the Hyperbridge gateway contract fell victim to an exploit. The attacker utilized forged messages to manipulate administrative permissions of the Polkadot token contract on the Ethereum network. By unauthorized minting and liquidating 1 billion tokens, the attacker realized a profit of roughly $237,000. On April 16, it was reported that according to an official announcement from Hyperbridge, its token gateway was attacked on April 13. The estimated losses have been revised from approximately $237,000 to about $2.5 million, mainly affecting incentive liquidity pools on Ethereum, Base, BNB Chain, and Arbitrum. Attack method (per SlowMist): Forged Cross-Chain State Proof. Reported loss: $ 2,500,000.
- chain
- ethereum
- protocol
- Hyperbridge
- bug_class
- access-control
- date_occurred
- 2026-04-13
- loss_usd
- $2,500,000
- source_id
- sm:hyperbridge::2026-04-13