Hyperbridge Contract Exploited via MMR Proof Replay Vulnerability, Losing $242,000

TechFlow
Summary

Hyperbridge’s HandlerV1 contract on Ethereum was exploited through a Merkle Mountain Range (MMR) proof replay vulnerability, resulting in a $242,000 loss. Because proofs were not bound to the requests they authorized, attackers paired replayed valid proofs with newly forged requests, altering admin permissions and minting tokens. Admin rights for Polkadot (DOT) and ARGN tokens were compromised, enabling unauthorized minting and withdrawals. PhalconSecurity identified the vulnerability using PhalconExplorer. Liquidity and crypto markets remain under pressure as such exploits underscore the risks inherent in smart contracts. Amid increased volatility, investors are increasingly citing BTC as a hedge against inflation.

According to BlockSec Phalcon, a Merkle Mountain Range (MMR) proof replay vulnerability in the HandlerV1 contract managed by Hyperbridge on the Ethereum network resulted in approximately $242,000 in losses. The vulnerability arose because proofs were not bound to requests, allowing attackers to replay historical valid proofs in conjunction with newly forged requests to perform actions such as changing administrator permissions. In a specific case, the attacker changed the administrator of the Polkadot (DOT) token and exploited the elevated privileges to mint additional DOT tokens for profit. Observed attack transactions include: changing the administrator and minting DOT tokens (loss of approximately $237,400), changing the administrator and minting ARGN tokens (loss of approximately $3,800), and withdrawing funds from the host. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer. Previously, it was reported that the Hyperbridge gateway contract was compromised, resulting in the minting and subsequent sale of 1 billion DOT tokens on Ethereum.
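As an added illustration of the binding failure described above (this is not Hyperbridge's code and is not taken from the BlockSec report), the following Python model contrasts a handler that checks a proof and a request separately with one that derives the proof's leaf from the request itself and also tracks consumed commitments. It substitutes a plain binary Merkle tree for the MMR and SHA-256 for the production hash; the request fields, handler classes, and sample requests are all hypothetical.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Tuple


def h(data: bytes) -> bytes:
    """SHA-256 stands in for whatever hash the real MMR uses (assumption)."""
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Request:
    """A cross-chain request as the toy handler sees it (hypothetical fields)."""
    dest_module: str  # module/contract the request is delivered to
    action: str       # e.g. "transfer" or "changeAdmin"
    payload: str      # action parameters

    def commitment(self) -> bytes:
        # The leaf a proof must commit to if it is to authorize THIS request.
        return h(f"{self.dest_module}|{self.action}|{self.payload}".encode())


Proof = List[Tuple[bytes, bool]]  # (sibling hash, sibling is on the left)


def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    """Simplified binary Merkle tree used here in place of an MMR (assumption)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2 == 1:
            cur = cur + [cur[-1]]  # duplicate the last node to pair it up
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def merkle_root(leaves: List[bytes]) -> bytes:
    return build_levels(leaves)[-1][0]


def make_proof(leaves: List[bytes], index: int) -> Proof:
    """Sibling path from leaf `index` up to the root."""
    proof: Proof = []
    idx = index
    for level in build_levels(leaves)[:-1]:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        sib = idx ^ 1
        proof.append((level[sib], sib < idx))
        idx //= 2
    return proof


def verify_proof(root: bytes, leaf: bytes, proof: Proof) -> bool:
    node = leaf
    for sibling, sibling_is_left in proof:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node == root


class VulnerableHandler:
    """Model of the flaw: the leaf arrives alongside the proof, the proof is checked
    against the root, and the attached request is executed without ever checking
    that the leaf commits to that request."""
    def __init__(self, root: bytes):
        self.root = root
        self.executed: List[Request] = []

    def handle(self, leaf: bytes, proof: Proof, request: Request) -> None:
        if not verify_proof(self.root, leaf, proof):
            raise ValueError("invalid proof")
        self.executed.append(request)  # executes whatever request was attached


class HardenedHandler:
    """Derives the leaf from the request, so a proof can only authorize the request
    it commits to, and records consumed commitments so the same committed request
    cannot be executed twice."""
    def __init__(self, root: bytes):
        self.root = root
        self.consumed = set()
        self.executed: List[Request] = []

    def handle(self, proof: Proof, request: Request) -> None:
        leaf = request.commitment()
        if leaf in self.consumed:
            raise ValueError("request already executed")
        if not verify_proof(self.root, leaf, proof):
            raise ValueError("proof does not commit to this request")
        self.consumed.add(leaf)
        self.executed.append(request)


def accepted(fn: Callable, *args) -> bool:
    """True if the handler executed the request, False if it rejected it."""
    try:
        fn(*args)
        return True
    except ValueError:
        return False


def demo() -> dict:
    # Constructed sample batch of legitimate, already-committed requests.
    legit = [
        Request("token-A", "transfer", "100 to alice"),
        Request("token-A", "transfer", "5 to bob"),
        Request("token-B", "transfer", "42 to carol"),
    ]
    leaves = [r.commitment() for r in legit]
    root = merkle_root(leaves)
    historical_proof = make_proof(leaves, 0)  # valid proof for legit[0]
    # A request that was never committed to the tree (constructed placeholder).
    forged = Request("token-A", "changeAdmin", "<attacker-controlled address>")
    vulnerable, hardened = VulnerableHandler(root), HardenedHandler(root)
    return {
        "vulnerable_accepts_forged": accepted(vulnerable.handle, leaves[0], historical_proof, forged),
        "hardened_rejects_forged": not accepted(hardened.handle, historical_proof, forged),
        "hardened_accepts_legit_once": accepted(hardened.handle, historical_proof, legit[0]),
        "hardened_rejects_legit_replay": not accepted(hardened.handle, historical_proof, legit[0]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point the model makes is that a root check alone only proves that some leaf exists in the tree; the proof says something about the request being executed only when the leaf is computed from that request. The consumed-commitment set is a second, independent control that stops a legitimately committed request from being executed more than once.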

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.