Polkadot Hyperbridge's April Fools' joke becomes reality as more than 1 billion fake DOT tokens are minted on Ethereum
Burns Brief
Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. The news has shaken market participants, with bears looking to push prices lower while bulls try to defend key support levels. Watch the reaction of $ETH $DOT: a decisive move above or below key levels will confirm the next trend.
Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens. However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets.
While the direct financial losses from the exploit were relatively contained, the incident has sent shockwaves through the Polkadot ecosystem, driving the network's DOT native token toward its all-time low amid broader market anxieties regarding cross-chain security.
Anatomy of the Hyperbridge exploit
Security experts explained that the vulnerability resided in how Hyperbridge’s contracts validated incoming cross-chain messages before passing them along to the token gateway. Blockchain security firm BlockSec Phalcon identified the root cause as a “Merkle Mountain Range (MMR) proof replay vulnerability.” This is essentially a cryptographic blind spot that allowed the attacker to recycle old, valid security proofs and attach them to malicious, newly crafted requests.
At the core of the breach was a missing input validation within the system's `VerifyProof()` function. In standard cross-chain operations, a bridge must verify that a request originating on one blockchain is authentic before executing a corresponding action, such as minting tokens, on another.
In this instance, the Hyperbridge contract failed to properly bind the submitted request payload to the validated proof. The system merely checked that a request hash had not been used before, without verifying if the proof actually matched the message it was supposed to authenticate. By ma
Key Takeaways
- Hyperbridge, a decentralized bridge connecting the Polkadot ecosystem to the Ethereum network, suffered a major security breach that allowed an attacker to mint 1 billion unauthorized DOT tokens
- However, the hacker’s potential multimillion-dollar payday was drastically cut short to around $240,000 as there simply was not enough liquidity to cash out the fabricated assets
- Blockchain security firm BlockSec Phalcon identified the root cause as a “Merkle Mountain Range (MMR) proof replay vulnerability”
- This is essentially a cryptographic blind spot that allowed the attacker to recycle old, valid security proofs and attach them to malicious, newly crafted requests
- At the core of the breach was a missing input validation within the system's `VerifyProof()` function
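
The missing binding described above, as an added example that is not Hyperbridge's code: a simplified model that uses a plain two-leaf Merkle tree instead of an MMR, with hypothetical names (`Verifier`, `accept`, `bind_request`) and constructed sample messages. It shows why a "request hash not seen before" check alone accepts an old proof paired with a new payload, and how requiring the proven leaf to equal the request hash rejects it.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def merkle_root(leaf: bytes, path) -> bytes:
    """Fold a leaf hash up a sibling path; the flag marks a left-hand sibling."""
    node = leaf
    for sibling, sibling_is_left in path:
        node = h(sibling + node) if sibling_is_left else h(node + sibling)
    return node

class Verifier:
    """Hypothetical bridge-side check; bind_request toggles the fix."""
    def __init__(self, trusted_root: bytes, bind_request: bool):
        self.trusted_root = trusted_root
        self.bind_request = bind_request
        self.seen = set()  # request hashes already executed

    def accept(self, request: bytes, proof_leaf: bytes, path) -> bool:
        request_hash = h(request)
        if request_hash in self.seen:  # replay check keyed on the request only
            return False
        if merkle_root(proof_leaf, path) != self.trusted_root:
            return False  # proof does not lead to the trusted root
        # Binding step: the leaf that was proven must be this request's hash.
        if self.bind_request and proof_leaf != request_hash:
            return False
        self.seen.add(request_hash)
        return True

def demo() -> dict:
    # Constructed sample data: two committed requests, one never committed.
    committed_a, committed_b = b"request-A", b"request-B"
    uncommitted = b"request-never-committed"
    leaf_a, leaf_b = h(committed_a), h(committed_b)
    root = h(leaf_a + leaf_b)
    path_a = [(leaf_b, False)]  # sibling sits to the right of leaf_a

    weak, strict = Verifier(root, False), Verifier(root, True)
    return {
        "weak_genuine": weak.accept(committed_a, leaf_a, path_a),
        "weak_reused_proof": weak.accept(uncommitted, leaf_a, path_a),
        "strict_genuine": strict.accept(committed_a, leaf_a, path_a),
        "strict_reused_proof": strict.accept(uncommitted, leaf_a, path_a),
        "strict_same_request_again": strict.accept(committed_a, leaf_a, path_a),
    }

if __name__ == "__main__":
    print(demo())
```
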