ChainCatcher report: The blockchain interoperability protocol Hyperbridge has disclosed details of the earlier attack on its bridged DOT token, which resulted in losses of approximately $237,000. The root cause was missing input validation in the VerifyProof() function of the HandlerV1 contract: the function did not validate the leaf_index and leafCount parameters of a submitted proof, which allowed attackers to forge Merkle proofs. Using this flaw, the attacker obtained administrative control over the bridged DOT token contract on Ethereum and then minted 1 billion bridged DOT tokens, more than 2,800 times the legitimate circulating supply of roughly 356,000 DOT, and sold them on decentralized exchanges. Hyperbridge stated that it is working with security partners to trace the stolen funds and will keep its cross-chain functionality suspended until the investigation is complete.
Hyperbridge Reveals $237,000 Loss Due to Merkle Proof Verification Vulnerability
Hyperbridge disclosed a $237,000 loss caused by a Merkle proof verification flaw in its smart contract. The VerifyProof() function of the HandlerV1 contract accepted forged Merkle proofs because it did not validate the proof's leaf index and leaf count, which let the attacker mint 1 billion bridged DOT tokens. The attacker then sold the tokens on DEXs. Hyperbridge is collaborating with security partners to track the funds and has paused cross-chain operations pending the investigation.
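The report names the defect only as unvalidated leaf_index and leafCount in VerifyProof(). The following Python is an added illustration written for this page of why a Merkle proof verifier has to bind those two values to the committed tree before it hashes anything; it is not Hyperbridge's code, does not reproduce Hyperbridge's proof format or the actual exploit path, and the tree, messages, hashing scheme and proofs in it are constructed for the example. It pairs a verifier that trusts the prover's leaf count and index with one that checks them against the on-chain commitment, and shows a short proof for an internal node, and an out-of-range index, going through the first and failing the second.

```python
"""Added example for this page: a Merkle proof verifier with and without
validation of leaf_index / leaf_count.  Hypothetical tree and proofs; this
is not Hyperbridge code and does not reproduce its proof format."""
import hashlib
from dataclasses import dataclass, field


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass
class Proof:
    leaf: bytes               # leaf preimage, prover-supplied
    leaf_index: int           # position of the leaf, prover-supplied
    leaf_count: int           # claimed number of leaves, prover-supplied
    siblings: list = field(default_factory=list)  # sibling hashes, leaf to root


def build_levels(leaves):
    """levels[0] = leaf hashes, levels[-1] = [root]. Leaf count is a power of two."""
    assert len(leaves) > 0 and len(leaves) & (len(leaves) - 1) == 0
    level = [h(leaf) for leaf in leaves]
    levels = [level]
    while len(level) > 1:
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels


def siblings_from(levels, index, start_level=0):
    """Sibling hashes for the node at `index` on `start_level`, up to the root."""
    out = []
    for level in levels[start_level:-1]:
        out.append(level[index ^ 1])
        index >>= 1
    return out


def fold(leaf, leaf_index, siblings):
    """Recompute a root from a leaf and its siblings; leaf_index bits pick left/right."""
    node = h(leaf)
    for s in siblings:
        node = h(node + s) if leaf_index & 1 == 0 else h(s + node)
        leaf_index >>= 1
    return node


def verify_vulnerable(root: bytes, p: Proof) -> bool:
    """Derives the depth from the prover's own leaf_count and never bounds-checks leaf_index."""
    depth = (p.leaf_count - 1).bit_length()
    if len(p.siblings) != depth:
        return False
    return fold(p.leaf, p.leaf_index, p.siblings) == root


def verify_hardened(root: bytes, committed_leaf_count: int, p: Proof) -> bool:
    """Binds the proof to the committed tree shape before hashing anything."""
    if p.leaf_count != committed_leaf_count:          # tree size comes from the commitment
        return False
    if not 0 <= p.leaf_index < committed_leaf_count:  # index must lie inside that tree
        return False
    depth = (committed_leaf_count - 1).bit_length()
    if len(p.siblings) != depth:                      # proof length fixed by the commitment
        return False
    return fold(p.leaf, p.leaf_index, p.siblings) == root


# Constructed sample tree: eight hypothetical bridge messages and their commitment.
LEAVES = [f"msg-{i}".encode() for i in range(8)]
LEVELS = build_levels(LEAVES)
ROOT = LEVELS[-1][0]
LEAF_COUNT = len(LEAVES)


def honest_proof(index: int) -> Proof:
    return Proof(LEAVES[index], index, LEAF_COUNT, siblings_from(LEVELS, index))


def forged_proof() -> Proof:
    """Present the two children of an internal node as a 64-byte 'leaf', with a
    shorter sibling list and a smaller leaf_count so the depth check lines up."""
    fake_leaf = LEVELS[0][0] + LEVELS[0][1]  # preimage of LEVELS[1][0]; never a real message
    return Proof(fake_leaf, 0, LEAF_COUNT // 2, siblings_from(LEVELS, 0, start_level=1))


def aliased_proof(index: int, extra: int) -> Proof:
    """Same leaf and siblings, but leaf_index pushed past leaf_count; its low bits
    still steer the path correctly, so a verifier without a bounds check accepts it."""
    p = honest_proof(index)
    return Proof(p.leaf, index + extra * LEAF_COUNT, LEAF_COUNT, p.siblings)


if __name__ == "__main__":
    print("honest, vulnerable :", verify_vulnerable(ROOT, honest_proof(5)))
    print("honest, hardened   :", verify_hardened(ROOT, LEAF_COUNT, honest_proof(5)))
    print("forged, vulnerable :", verify_vulnerable(ROOT, forged_proof()))
    print("forged, hardened   :", verify_hardened(ROOT, LEAF_COUNT, forged_proof()))
    print("aliased, vulnerable:", verify_vulnerable(ROOT, aliased_proof(1, 1)))
    print("aliased, hardened  :", verify_hardened(ROOT, LEAF_COUNT, aliased_proof(1, 1)))
```

The hardened verifier takes the leaf count from the stored commitment rather than from the proof, so the proof length and the index range are fixed by what the chain already knows. The aliased case matters wherever leaf_index doubles as a replay nonce: an index outside the tree folds to the same root as a real one, so a "processed" set keyed on it can be bypassed. Domain-separating leaf hashes from internal-node hashes (for example a 0x00 prefix for leaves and 0x01 for nodes) is a further defense against the internal-node-as-leaf trick and is omitted here only to keep the two verifiers directly comparable.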
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.
