Key Highlights
- Hyperbridge was hacked on April 13 through a flaw in its Token Gateway, leading to the minting of about 1 billion fake DOT.
- The project didn’t just patch the issue; it fully rebuilt its system by removing centralized controls.
- The report highlights that cross-chain bridges are still one of the most targeted and risky parts of DeFi.
Hyperbridge, a cross-chain interoperability protocol, announced that it is now back online after being hit by a major exploit on April 13. The team had initially shut down the bridge to rethink how the whole network would work going forward.
In a blog post published on Monday, the company said that instead of just fixing the bug and moving on, the team rebuilt large parts of the system. They said the old design had deeper problems, especially in how it trusted messages between blockchains.
“Instead of patching the old system, we rebuilt the parts that concentrated risk underneath the network,” the team said.
The project described the relaunch as a shift toward a more permissionless system where control is no longer concentrated in a small group of operators.
How the exploit happened
The attack occurred when hackers found a weakness in the Token Gateway smart contract on Ethereum. This contract is the part that helps move assets between chains. The attackers were able to trick the system by sending a fake cross-chain message.
The system accepted it as real, and that opened the door for them to mint around 1 billion fake bridged DOT tokens. These tokens were not backed by real assets, but they still looked valid inside the system.
Once the fake tokens were created, the attacker moved them into liquidity pools and swapped them for real crypto. At first, the loss was thought to be around $237,000. But later checks showed the damage was bigger, reaching about $2.5 million after accounting for incentive pool damage across Ethereum, Base, BNB Chain, and Arbitrum.
Weak points behind the exploit
In the blog post, the team explained that the root problem was not just one bug. It was a mix of weak proof checks and poor safety limits. The system did not properly check the boundaries of certain proofs, known as Merkle Mountain Range proofs. It also allowed changes in admin control without strong protection, like delays or extra checks.
Once the attack was found, all bridging was stopped right away, and security experts from outside the project joined the investigation. The protocol explained that the exploit showed deeper flaws in how the system was built. Instead of patching it, they removed the parts that created too much central control and rebuilt them from scratch. The old Token Gateway contract is now fully retired and no longer used.
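As an added illustration (not Hyperbridge's code, and not a reconstruction of the retired contract), the sketch below shows the kind of boundary checks a Merkle proof verifier has to make before it hashes anything. It assumes a single perfect binary tree, which is the shape of one Merkle Mountain Range peak; every function name and the sample messages are constructed for this example.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(data: bytes) -> bytes:
    return h(b"\x00", data)            # domain-separate leaves from inner nodes

def node_hash(left: bytes, right: bytes) -> bytes:
    return h(b"\x01", left, right)

def build_levels(leaves):
    """Constructed helper: every level of a perfect tree, leaves first."""
    level = [leaf_hash(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def make_proof(levels, index):
    """Sibling hashes from the leaf level up to just below the root."""
    return [lvl[(index >> d) ^ 1] for d, lvl in enumerate(levels[:-1])]

def verify(root, leaf_count, index, data, proof) -> bool:
    # Boundary checks first: reject malformed shapes instead of hashing them.
    # Assumption: leaf_count comes from trusted state bound to the root,
    # never from the party submitting the proof.
    if leaf_count <= 0 or leaf_count & (leaf_count - 1):
        return False                   # this sketch covers one perfect peak only
    if not 0 <= index < leaf_count:
        return False                   # claimed position lies outside the tree
    if len(proof) != leaf_count.bit_length() - 1:
        return False                   # too few or too many sibling hashes
    if any(len(p) != 32 for p in proof):
        return False                   # malformed sibling hash
    acc = leaf_hash(data)              # the claimed leaf always enters the chain
    for d, sibling in enumerate(proof):
        acc = node_hash(sibling, acc) if (index >> d) & 1 else node_hash(acc, sibling)
    return acc == root

# Constructed sample data: eight messages committed under one root.
MESSAGES = [b"msg-%d" % i for i in range(8)]
LEVELS = build_levels(MESSAGES)
ROOT = LEVELS[-1][0]
```
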
Permissionless proof generation
In the new design, Hyperbridge said it made changes to how the system handles trust. Before, only the core team could run key proof checks. Now, anyone can do it. Operators can run an open tool called SP1 prover, submit proofs, and earn rewards if they are correct.
There is no approval needed. Even better, many operators can submit proofs for the same job, and rewards are shared based on timing and accuracy. This reduces the risk of relying on a single group.
Governance and control shift
In addition, they reportedly made changes in governance, stating that the system no longer has a hidden admin switch that lets the team make fast changes. That layer has been removed. Now, any major upgrade must go through voting by token holders. Spending from the treasury also needs public approval.
Even block production has changed. Instead of being assigned by the team, operators now earn their place by doing useful work like helping relay messages or submitting valid proofs.
Simpler relayer system
The relayer system, which moves data between chains, has also been made simpler. It used to run in two parts, but now it runs as one single system. This makes it easier for independent operators to join and reduces confusion and setup problems.
HandlerV2 and Faster Verification
A new part called HandlerV2 now handles both messages and proof checks together in one step. It uses stored Polkadot security proofs to confirm that everything is correct. This also means apps using the system now pay for their own verification costs instead of the protocol covering them.
New token model: Hyperfungible tokens
Hyperbridge also replaced its shared Token Gateway model with Hyperfungible Tokens. Here, each token works like its own small app. Token issuers can set their own rules, like limits, pause options, safety controls, and even compliance checks. This gives more control to each project instead of forcing one rule for all.
Hyperbridge built a tool called HyperbridgeLzEndpoint. It works with LayerZero systems and lets projects switch to stronger cryptographic security by just changing one setting, without rebuilding everything.
Broader outlook
But even with all of these changes, the wider message in the background is more important than the update itself. DeFi is still dealing with the same core problem: bridges and cross-chain systems remain one of the weakest points in the entire crypto ecosystem.
Hyperbridge may have found a stronger design and removed the exact weakness that was exploited, but history shows that attackers usually don’t stop at one protocol. They look for the next weak link in a similar system somewhere else.
So far, about $328 million in exploits have been recorded in 2026, with the largest one on KelpDAO LayerZero, which was around $293 million.
