Post-Mortemconfirmed

2026-05-10 06:13:22 UTC

Hyperbridge lost $2.5 million on April 13, 2026 after an attacker exploited missing proof-to-request binding in the Merkle Mountain Range verification logic of the EthereumHost contract. A two-phase attack extracted roughly 245 ETH first, then minted approximately 1 billion bridged DOT tokens and dumped them into DEX liquidity. Initial loss estimates of $237,000 excluded the first phase entirely. Post-mortem: https://rekt.news/hyperbridge-rekt

Receipts

Sourcehttps://rekt.news/hyperbridge-rekt
USD Impact$2,500,000