Mon, 13 Apethereum

Polkadot Hyperbridge's April Fools' joke comes true as over 1 billion fake DOT tokens are minted on Ethereum

Burns Brief

Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a serious security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. The news has unsettled market participants: bears are trying to push prices lower while bulls are trying to defend key support levels. Watch the reaction of $ETH $DOT: a decisive move above or below key levels will confirm the next trend.

Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens.

However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets.

While the direct financial losses from the exploit were relatively contained, the incident has sent shockwaves through the Polkadot ecosystem, driving the network's DOT native token toward its all-time low amid broader market anxieties regarding cross-chain security.

Anatomy of the Hyperbridge exploit

Security experts explained that the vulnerability resided in how Hyperbridge’s contracts validated incoming cross-chain messages before passing them along to the token gateway.

Blockchain security firm BlockSec Phalcon identified the root cause as a “Merkle Mountain Range (MMR) proof replay vulnerability.” This is essentially a cryptographic blind spot that allowed the attacker to recycle old, valid security proofs and attach them to malicious, newly crafted requests.

At the core of the breach was a missing input validation within the system's `VerifyProof()` function. In standard cross-chain operations, a bridge must verify that a request originating on one blockchain is authentic before executing a corresponding action, such as minting tokens, on another.

In this instance, the Hyperbridge contract failed to properly bind the submitted request payload to the validated proof. The system merely checked that a request hash had not been used before, without verifying if the proof actually matched the message it was supposed to authenticate. By ma
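The missing binding described above, as an added example that is not Hyperbridge's code or part of the original article: a simplified binary Merkle tree stands in for the MMR, and `Gateway`, `handle`, `bind_request` and the sample messages are hypothetical names constructed for illustration. It shows why a replay guard keyed on the request hash alone does not help when the proof is verified against a leaf that is not derived from the request.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(request: bytes) -> bytes:
    return h(b"\x00", request)  # domain-separated from inner nodes

def build_proof(requests, index):
    """Return (root, path) for requests[index]; path items are (sibling, sibling_is_left)."""
    level, path = [leaf_hash(r) for r in requests], []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])  # duplicate the last node on odd levels
        path.append((level[index ^ 1], index % 2 == 1))
        level = [h(b"\x01", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def root_from(leaf, path):
    node = leaf
    for sibling, sibling_is_left in path:
        node = h(b"\x01", sibling, node) if sibling_is_left else h(b"\x01", node, sibling)
    return node

class Gateway:
    """Hypothetical message handler; bind_request=False models the missing check."""
    def __init__(self, trusted_root, bind_request):
        self.root, self.bind, self.seen = trusted_root, bind_request, set()
    def handle(self, request, proven_leaf, path):
        request_hash = leaf_hash(request)
        if request_hash in self.seen:  # replay guard keyed on the request only
            return "rejected: request already processed"
        # Hardened: the proof must authenticate THIS request's hash, not a caller-supplied leaf.
        leaf = request_hash if self.bind else proven_leaf
        if root_from(leaf, path) != self.root:
            return "rejected: proof does not match"
        self.seen.add(request_hash)
        return "accepted"

def demo():
    committed = [b"msg-0", b"msg-1", b"msg-2"]  # constructed sample messages
    root, path = build_proof(committed, 1)
    old_leaf, uncommitted = leaf_hash(committed[1]), b"msg-never-committed"
    out = {}
    for name, bind in (("unbound", False), ("bound", True)):
        gw = Gateway(root, bind)
        out[name] = [gw.handle(m, old_leaf, path) for m in (committed[1], committed[1], uncommitted)]
    return out
```

In both configurations the replay guard stops the identical request from being processed twice; only the bound handler also rejects a different request that arrives with the already-valid proof.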

Key Takeaways