Hyperbridge Loss Revision

Hyperbridge said on April 16 that its April 13 exploit caused about $2.5 million in losses, not the roughly $237,000 it first reported. (blog.hyperbridge.network) The protocol said the higher figure came after it reconciled attacker activity across Ethereum, Base, BNB Chain and Arbitrum, and added losses from incentive pools on those networks. Hyperbridge said the earlier number reflected only the immediately visible bridged-DOT sell-off on Ethereum. (blog.hyperbridge.network) Hyperbridge described a two-step attack. It said an attacker first extracted about 245 Ether from Token Gateway, then about an hour later minted roughly 1 billion bridged DOT and dumped those tokens into decentralized-exchange liquidity. (blog.hyperbridge.network) A bridge is a system that moves crypto between blockchains by locking assets on one chain and issuing a linked version on another. In this case, Hyperbridge said a flaw in its Merkle Mountain Range proof checks let forged cross-chain messages pass as valid. (blog.hyperbridge.network) That distinction shaped the first round of public estimates. Hyperbridge’s initial $237,000 figure tracked the attacker’s visible Ethereum-side sales, while the revised $2.5 million figure counts the protocol’s broader hole after drained pools on four chains were included. (blog.hyperbridge.network; forum.polkadot.network) An independent on-chain analysis posted to the Polkadot forum on April 17 said both figures can be accurate because they measure different things. The post said the attacker swapped the forged tokens for 108.2 Ether in one transaction and later routed about $272,174 to Tornado Cash, while Hyperbridge’s larger number reflects what it would take to refill affected incentive pools. (forum.polkadot.network) The exploit did not hit Polkadot’s core chain. Reporting on April 13 said the incident was limited to DOT bridged through Hyperbridge’s Ethereum gateway, while native DOT, the Polkadot relay chain and DOT bridged through other providers were not affected. (range.org; coindesk.com) Hyperbridge said bridging through Token Gateway remains paused while engineers finish a patch, obtain an independent audit and prepare a public release of the fix. The team also said a significant portion of the exploited funds was traced on-chain to Binance and that it is working with Binance’s compliance team and law enforcement on recovery. (blog.hyperbridge.network; theblock.co) For users, the revision answers the basic question that hung over the exploit for three days: the attacker appears to have pulled in only a fraction of the protocol’s total damage, while the bigger bill sits in the cross-chain pools Hyperbridge now has to restore. (forum.polkadot.network; blog.hyperbridge.network)