- Once again, an inter-network bridge has become the cause of cryptocurrency theft.
- In a layer 2 network Polkadot on the base Ethereum A token contract was hacked, allowing a hacker to issue 1 billion DOT tokens.
- After converting DOT to ETH, the attacker’s haul amounted to $237,000.
Online Ethereum a cross-network attack occurred on Polkadot (DOT), which resulted in the attacker minting 1 billion DOT tokens. The resulting tokens were exchanged for 108,2 ETH, equivalent to approximately $237,000.
Arkham specialists сообщилиthat an unknown attacker created a billion DOTs on Ethereum and sold them directly through liquidity poolThis allowed him to withdraw more than $240,000 in ETH. Lookonchain analysts confirmed the fact of hacking and the attacker’s net gain, which amounted to $23,000 (108,2 ETH).
After passing through decentralized liquidity pools, the funds were transferred to an external wallet.
Arkham Data
The root cause refers to a vulnerability in the Hyperbridge gateway. This system provides communication between networks using the Interoperable State Machine Protocol (ISO).
The attacker forged a message between the networks and bypassed authentication checks. This allowed them to gain control of the DOT token contract on the network. Ethereum.
He then deployed a malicious contract scheme, and the helper contract sent fake state proofs to the vulnerable HandlerV1 contract, allowing the “ChangeAssetAdmin” function to be executed.
As a result of this operation, the attacker gained administrator rights and the right to issue tokens. This allowed them to issue tokens without restrictions.
Taking advantage of a privilege that was not his, he issued 1 billion DOT and converted them through OdosRouter pools and Uniswap V4.
The swap netted him 108,2 ETH, and the fast execution limited the possibility of immediate arbitrage or intervention. Despite the large volume of tokens issued, the profit was relatively small due to liquidity constraints.
This suggests the attacker was in a hurry and didn’t expect to extract the maximum amount of funds. Currently, there is no information regarding security measures or the suspension or correction of contracts.
Bridges are often one of the largest sources of losses in cryptocurrency, and the unauthorized issuance of DOTs shows that message verification and administrative controls remain weak links.
Price kriptovalyuty Polkadot reacted to the incident with a moderate decline of 3,4% to $1,19.
CoinGecko Data
Risk Warning:
The information on this website is for informational and educational purposes only and does not constitute investment advice or financial recommendations. Cryptocurrencies and digital assets carry a high level of risk, including possible loss of capital. The editors are not responsible for decisions made based on the published materials. It is recommended that you conduct your own research (DYOR) before making investment decisions. Read the editorial policy. https://happycoin.club/about/