Polkadot Bridge Exploit: Hacker Mints 1 Billion DOT, Seizes Admin Control

**An attacker exploited a critical vulnerability in a Polkadot cross-chain bridge on Tuesday, minting approximately 1 billion DOT tokens and temporarily seizing administrative control over the affected protocol before on-chain governance mechanisms partially contained the breach.**

The exploit targeted a bridge connecting Polkadot's relay chain to an external network, with the attacker leveraging a flaw in the bridge's signature verification logic to forge minting permissions. The unauthorized token creation represents a notional value exceeding $7 billion at current market prices, though the attacker's ability to liquidate that position remains severely constrained by market depth and the immediate response from validators and liquidity providers.

Blockchain security firm Halborn confirmed the attack vector in a preliminary post-mortem, identifying the vulnerability as a reentrancy-adjacent flaw in the bridge's pallet-level code. The attacker submitted a crafted extrinsic that bypassed multi-signature threshold requirements, effectively granting themselves root-level administrative access to the bridge contract's upgrade functionality.

"The signature aggregation module failed to properly validate the origin of the call under specific parachain message conditions," Halborn wrote in its initial disclosure. "This allowed a single actor to meet quorum requirements without legitimate co-signers."

On-chain data shows the attacker's wallet address received the minted DOT within three consecutive blocks, beginning at block height 21,847,302. The address subsequently executed two governance calls, attempting to modify the bridge's emergency pause parameters — a move that would have prevented validators from freezing outflows. Polkadot's council governance module rejected one call outright, while validators manually coordinated to halt the second within approximately 11 minutes of the initial exploit transaction.

The Web3 Foundation confirmed in a public statement that the DOT minted during the attack does not reflect any change to the protocol's actual circulating supply on the relay chain itself, describing the affected tokens as "bridge-wrapped representations" rather than native DOT. The foundation emphasized that the relay chain and its underlying consensus layer were not compromised.

Despite that clarification, DOT dropped roughly 14 percent in the two hours following initial reports, trading down to $6.21 before partial recovery. Trading volumes spiked across major centralized exchanges as holders moved to assess exposure.

The attacker transferred a portion of the fraudulently minted tokens to three separate wallets before bridge withdrawals were frozen. On-chain analysts at Arkham Intelligence tracked approximately 2.4 million in bridged assets successfully moved off-chain before the halt, representing the attacker's realized gain from the incident.

Polkadot's OpenGov framework has since passed an emergency referendum to disable the compromised bridge pallet pending a full audit. The vote reached supermajority threshold in under four hours, demonstrating the network's fast-track governance capability under crisis conditions.

This marks the second significant bridge exploit affecting a major layer-one ecosystem in 2025, following a separate incident on a competing network in February. Cross-chain bridge infrastructure continues to represent the most targeted surface area in decentralized finance, accounting for the majority of protocol-level losses recorded this year.

A full incident report is expected within 72 hours.