The exploit hit bridged DOT on Ethereum, not native Polkadot

The attacker did not mint real DOT on the Polkadot chain itself. The exploit targeted bridged DOT on Ethereum, where an Ethereum-side bridge contract was tricked into handing over control of the token contract. That distinction matters because the native Polkadot network was not compromised, even though the headline number made the incident sound far bigger.

According to reporting, the attacker minted 1 billion fake bridged DOT tokens on Ethereum and then tried to dump them into available liquidity. The exploit was linked to Hyperbridge, a Polkadot-Ethereum bridge.

A forged cross-chain message broke the bridge’s protections

The core issue was not a simple wallet compromise. CoinDesk reported that a forged cross-chain message bypassed state proof validation in the bridge contract, which then granted admin control over the bridged DOT token on Ethereum. Once the attacker had that control, minting the fake supply became easy.

Other coverage of the exploit describes the same basic sequence. The attacker forged a gateway message, changed the admin of the Ethereum-side token contract, and then minted the fake tokens in a single large move.

The attacker created a huge fake supply, but could not cash out much

This is what makes the story so strange. On paper, the attacker minted roughly $1 billion worth of fake DOT. In reality, they only extracted about 108.2 ETH, or roughly $237,000 to $250,000, before liquidity ran out.

The reason is simple: there was nowhere near enough real liquidity on the Ethereum side to absorb a dump of that size. So even though the attacker created an enormous fake balance, most of it was effectively worthless once they tried to sell.

Why this matters for the market

This is another reminder that bridges remain one of crypto’s weakest points. The exploit did not need to break Polkadot itself. It only had to compromise a cross-chain system that represented Polkadot assets somewhere else. That is often enough to create panic, price disruption, and real losses for users exposed to the bridged asset.

It also shows that headline exploit size and realized theft are not always the same thing. A hacker can mint billions in fake assets, but if the market depth is too shallow, the actual cash-out can end up being much smaller. That said, a smaller realized profit does not make the bridge flaw less serious.

The bigger lesson is about bridge design

The clean takeaway is that this was a bridge verification failure, not a Polkadot protocol failure. A forged message appears to have bypassed the exact checks that were supposed to stop unauthorized cross-chain minting. Once that happened, admin control and token inflation followed almost immediately.

That is why incidents like this keep damaging trust in cross-chain infrastructure. Even when the attacker cannot fully monetize the exploit, the event still shows how much risk sits in the software layer connecting one chain to another.