Polkadot Hyperbridge's April Fools' Day joke comes true as more than 1 billion fake DOT tokens were minted on Ethereum
Burns Brief
Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. The news has shaken market participants, with bears looking to push prices lower while bulls try to defend key support levels. Watch the reaction of $ETH $DOT: a decisive move above or below key levels will confirm the next trend.
Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets.

While the direct financial losses from the exploit were relatively contained, the incident has sent shockwaves through the Polkadot ecosystem, driving the network's DOT native token toward its all-time low amid broader market anxieties regarding cross-chain security.

Anatomy of the Hyperbridge exploit

Security experts explained that the vulnerability resided in how Hyperbridge’s contracts validated incoming cross-chain messages before passing them along to the token gateway. Blockchain security firm BlockSec Phalcon identified the root cause as a “Merkle Mountain Range (MMR) proof replay vulnerability.” This is essentially a cryptographic blind spot that allowed the attacker to recycle old, valid security proofs and attach them to malicious, newly crafted requests.

At the core of the breach was a missing input validation within the system's `VerifyProof()` function. In standard cross-chain operations, a bridge must verify that a request originating on one blockchain is authentic before executing a corresponding action, such as minting tokens, on another. In this instance, the Hyperbridge contract failed to properly bind the submitted request payload to the validated proof. The system merely checked that a request hash had not been used before, without verifying if the proof actually matched the message it was supposed to authenticate. By ma
Key Takeaways
- Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens
- However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets
- Blockchain security firm BlockSec Phalcon identified the root cause as a “Merkle Mountain Range (MMR) proof replay vulnerability.” This is essentially a cryptographic blind spot that allowed the attacker to recycle old, valid security proofs and attach them to malicious, newly crafted requests
- At the core of the breach was a missing input validation within the system's `VerifyProof()` function
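The binding failure described above can be modelled in a few lines. This is an added example, not Hyperbridge's contract code: it uses a plain binary Merkle tree in place of an MMR, and the names `Bridge`, `handle`, `fold` and `demo` and the sample requests are hypothetical, constructed for illustration.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def fold(leaf: bytes, path: list[tuple[bytes, bool]]) -> bytes:
    """Recompute a root from a leaf and its inclusion path.
    Each path entry is (sibling_hash, sibling_is_left)."""
    node = leaf
    for sibling, sibling_is_left in path:
        node = h(sibling, node) if sibling_is_left else h(node, sibling)
    return node

class Bridge:
    """Toy message verifier. bind_payload=False models the flaw the article
    describes; bind_payload=True derives the proven leaf from the request."""

    def __init__(self, trusted_root: bytes, bind_payload: bool):
        self.root = trusted_root
        self.bind_payload = bind_payload
        self.seen: set[bytes] = set()

    def handle(self, request: bytes, proof_leaf: bytes, path) -> bool:
        req_hash = h(request)
        if req_hash in self.seen:
            return False  # replay guard: only says "this request hash is new"
        # Flawed mode trusts a caller-supplied leaf, so the proof can be about
        # a different message. Hardened mode proves the request's own hash.
        leaf = req_hash if self.bind_payload else proof_leaf
        if fold(leaf, path) != self.root:
            return False
        self.seen.add(req_hash)
        return True

def demo(bind_payload: bool) -> tuple[bool, bool]:
    # Constructed sample data: two committed requests form a two-leaf tree.
    req_a, req_b = b"mint:10:alice", b"mint:5:bob"
    leaf_a, leaf_b = h(req_a), h(req_b)
    root = h(leaf_a, leaf_b)
    path_a = [(leaf_b, False)]  # sibling of leaf_a sits on the right

    bridge = Bridge(root, bind_payload)
    genuine = bridge.handle(req_a, leaf_a, path_a)
    # A request that was never committed, submitted with req_a's old proof.
    uncommitted = bridge.handle(b"mint:1000000000:other", leaf_a, path_a)
    return genuine, uncommitted

if __name__ == "__main__":
    print("unbound:", demo(False))
    print("bound:  ", demo(True))
```

In the unbound mode the uncommitted request passes both checks because its hash is new and the recycled proof is valid on its own; deriving the leaf from the request makes the same proof fail.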