On April 13, 2026, the Hyperbridge ISMP (Interoperability State Machine Protocol) gateway on Ethereum was exploited. The attacker forged an ISMP PostRequest by exploiting a Merkle Mountain Range (MMR) proof verification flaw in HandlerV1, combined with insufficient request-proof binding and weak governance authorization in TokenGateway. The attacker minted 1,000,000,000 bridged DOT tokens and swapped them for approximately 108.2 ETH (about $237,000 to $242,000) in a single atomic transaction. Native Polkadot was entirely unaffected. EthereumHost has since been frozen.
On-Chain Summary
Exploit Tx – 0x240aeb9a8b2aabf64ed8e1e480d3e7be140cf530dc1e5606cb16671029401109
Attacker EOA – 0xC513E4f5D7a93A1Dd5B7C4D9f6cC2F52d2F1F8E7
Master Contract – 0x518AB393c3F42613D010b54A9dcBe211E3d48f26
Helper Contract – 0x31a165a956842aB783098641dB25C7a9067ca9AB
Target Token – 0x8d010bf9C26881788b4e6bf5Fd1bdC358c8F90b8 (bridged DOT ERC-6160)
Profit – About 108.2 ETH (about $237,000 to $242,000)
Gas Used – About 0.000339 ETH (single block)
Funding Source – Railgun shielded pools and Synapse Bridge
Root Cause Analysis
- MMR Library Edge-Case Bug
The Merkle Mountain Range library contained a boundary-condition flaw in leavesForSubtree() and CalculateRoot(). When leafCount equals 1 and the attacker supplied an out-of-range leaf_index of 1, the function silently dropped the forged leaf. The verifier promoted the next element in the proof array, which was a stale but legitimate historical root, directly to the computed root position. This caused the system to accept the forged payload without validation.
- Missing Proof-to-Request Binding
HandlerV1 enforces replay protection by checking that a request commitment, request.hash(), has not been consumed before. However, proof verification does not cryptographically bind the submitted request payload to the validated proof. An attacker can present any valid historical proof alongside a different malicious request body. As long as the commitment hash is fresh, the handler processes the fabricated request.
- Weak Authorization in TokenGateway
Governance actions in TokenGateway used only a shallow source-field check rather than the full authenticate(request) modifier applied to asset-transfer paths:
```solidity
function handleChangeAssetAdmin(PostRequest calldata request) internal {
    // Shallow check — only validates request.source field
    if (!request.source.equals(IIsmpHost(_params.host).hyperbridge()))
        revert UnauthorizedAction();
    // MISSING: authenticate(request) modifier
    // erc6160Address and newAdmin are decoded from request.body (elided in this excerpt)
    IERC6160Ext20(erc6160Address).changeAdmin(newAdmin);
}
```
Because the attacker controlled the forged leaf content, the source field matched the expected hyperbridge() address. The check passed easily. In addition, challengePeriod was set to 0, removing any delay-based safety window.
- ERC-6160 Token Privilege Model
The ERC-6160 standard grants the admin address unrestricted MINTER_ROLE and BURNER_ROLE immediately after a successful changeAdmin() call. There is no multi-signature requirement, no time-lock, and no secondary confirmation. Once the helper contract was installed as admin, it minted 1,000,000,000 DOT in a single call. The same TokenGateway contract manages all bridged parachain assets including DOT, BNC, vDOT, ASTR, GLMR, MANTA, CERE, and others, making every asset vulnerable at once.
Step-by-Step Attack Flow
Attacker preparation
The EOA was funded via Railgun shielded pools and Synapse Bridge. Multiple test contract deployments in the weeks prior confirmed the exploit path.
Contract deployment
Within the exploit transaction, the attacker deployed a master orchestration contract (0x518AB393…) and a helper contract (0x31a165a9…) that became the new token admin.
Forged PostRequest submission
The helper contract called HandlerV1.handlePostRequests() with a crafted PostRequestMessage. The MMR proof was designed to trigger the leafCount equals 1 edge case, causing the library to discard the forged leaf and substitute a legitimate stored root.
Request dispatch
After proof verification succeeded, the forged request with action byte 0x04 (ChangeAssetAdmin) was forwarded by EthereumHost.dispatchIncoming() to TokenGateway.onAccept(). With challengePeriod set to 0, there was no delay.
Privilege escalation
TokenGateway.handleChangeAssetAdmin() passed the shallow source check. The helper contract was set as the new admin of the bridged DOT token, immediately gaining MINTER_ROLE.
Mint, swap, and exit
1,000,000,000 DOT tokens were minted. The tokens were approved to OdosRouterV3 and swapped through Uniswap V4 PoolManager for 108.2 ETH, which was sent to the attacker’s EOA. The funds were later moved back through Railgun.
Stolen Fund Flow
Pre-attack funding
The attacker’s EOA was seeded from Railgun shielded pools, with the funds bridged through Synapse Bridge before arriving at the attacker EOA, establishing a layer of on-chain obfuscation ahead of the exploit.
Exploit proceeds
Following the unauthorized mint, the helper contract routed the 1,000,000,000 DOT tokens through OdosRouterV3 into the Uniswap V4 PoolManager, yielding 108.2 ETH which was forwarded directly to the attacker EOA within the same transaction block.
Post-exploit
After receiving the proceeds, the attacker EOA resumed routing funds through Railgun for ongoing laundering. As of the time of writing, the funds have not been recovered.
Financial Impact Assessment
The immediate market impact was severe. Bridged DOT collapsed from approximately $1.22 to $0.00013 within minutes of the exploit, resulting in a near-total wipeout of value. The sudden price crash triggered roughly $728,000 in long position liquidations across downstream markets, and major exchanges quickly paused bridged DOT deposits and withdrawals to prevent further contagion.
The damage extended beyond DOT. Because the same TokenGateway contract governs all bridged parachain assets, attackers carried out secondary exploits against MANTA and CERE tokens using the same vulnerability vector before the gateway could be frozen. EthereumHost has since been frozen pending a full contract upgrade and re-audit. Native Polkadot, including the relay chain, staking infrastructure, and parachains, remained entirely unaffected throughout.
Smart contract fixes
MMR library
Enforce strict boundary validation so that leaf_index is always less than leafCount. Add unit tests for edge cases where leafCount equals 1 or 0.
Proof-to-request binding
Ensure the commitment hash covers both the proof and the full request payload. Reject any mismatch between proven leaf and submitted request.
TokenGateway authorization
Apply the full authenticate(request) modifier to all governance actions. Restore a non-zero challengePeriod, with at least one hour recommended.
ERC-6160 admin safeguards
Introduce a time-lock or multi-signature approval for changeAdmin(). Separate MINTER_ROLE assignment from admin status and require explicit granting.
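A simplified Python model of the verification path described in the root-cause section (the leafCount-equals-1 boundary case and the missing proof-to-request binding), with the corresponding MMR and binding fixes from this section. This is an added illustration, not the Hyperbridge library's code; the hash function, the power-of-two padded tree layout and the handler structure are constructed stand-ins.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """Constructed stand-in for the bridge's leaf/node hash."""
    return hashlib.sha256(b"".join(parts)).digest()

def _depth(leaf_count: int) -> int:
    """Height of a power-of-two padded tree holding leaf_count leaves."""
    return max(leaf_count - 1, 0).bit_length()

def _fold(leaf_index: int, leaf_hash: bytes, siblings: list) -> bytes:
    """Hash the leaf up through its sibling path to the root."""
    node, idx = leaf_hash, leaf_index
    for sib in siblings:
        node = h(node, sib) if idx % 2 == 0 else h(sib, node)
        idx //= 2
    return node

def calculate_root_buggy(leaf_count, leaf_index, leaf_hash, proof_items):
    """Model of the pre-fix path: an out-of-range leaf_index selects no leaf,
    so the next proof element is promoted straight to the root position."""
    if leaf_index >= leaf_count:
        return proof_items[0] if proof_items else b""  # BUG: forged leaf dropped
    return _fold(leaf_index, leaf_hash, proof_items[:_depth(leaf_count)])

def calculate_root_fixed(leaf_count, leaf_index, leaf_hash, proof_items):
    """Strict boundary validation: leaf_index < leaf_count, and the proof must
    be exactly as long as the path from that leaf to the root."""
    if leaf_count < 1 or leaf_index >= leaf_count:
        raise ValueError("leaf_index out of range for leaf_count")
    if len(proof_items) != _depth(leaf_count):
        raise ValueError("proof length does not match tree depth")
    return _fold(leaf_index, leaf_hash, proof_items)

def handler_accepts(calc, known_roots, consumed, leaf_count, leaf_index,
                    proven_leaf, request_body, proof_items, bind):
    """Recomputed root must be a known root. With bind=True the proven leaf is
    the submitted request's own commitment, so a different body cannot ride
    on a valid historical proof (the missing proof-to-request binding)."""
    commitment = h(request_body)
    if commitment in consumed:           # replay protection, present pre-fix too
        return False
    leaf = commitment if bind else proven_leaf
    try:
        ok = calc(leaf_count, leaf_index, leaf, proof_items) in known_roots
    except ValueError:
        ok = False
    if ok:
        consumed.add(commitment)
    return ok
```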
Systemic improvements
- Split TokenGateway per asset to reduce risk exposure.
- Conduct a full audit of all consensus client integrations, not just the MMR library.
- Implement real-time monitoring for abnormal minting activity.
- Establish a well-funded bug bounty program covering ISMP proof verification paths.
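As an added example of the minting monitor recommended above (not part of the original report or the project's tooling), the detector below runs over a constructed stream of decoded ERC-20 Transfer and admin-change events and flags a mint that is large relative to pre-mint supply or that follows an admin change in the same transaction. Event field names, the transaction ids and the supply figures are constructed; only the bridged DOT token address is taken from the report.

```python
from dataclasses import dataclass

ZERO = "0x" + "0" * 40
DOT = "0x8d010bf9C26881788b4e6bf5Fd1bdC358c8F90b8"   # bridged DOT, from the report

@dataclass
class Event:
    """One decoded log; values are whole tokens (constructed, decimals ignored)."""
    tx: str
    kind: str              # "Transfer" or "AdminChanged"
    token: str
    frm: str = ZERO
    to: str = ZERO
    value: int = 0

def detect_abnormal_mints(events, supply, max_mint_ratio=0.01):
    """Flag a mint (Transfer from the zero address) that exceeds max_mint_ratio
    of the token's pre-mint supply, or that follows an admin change for the
    same token within the same transaction. `supply` (token -> circulating
    supply) is updated as mints are processed."""
    alerts, admin_changed = [], set()
    for ev in events:
        if ev.kind == "AdminChanged":
            admin_changed.add((ev.tx, ev.token))
            continue
        if ev.kind != "Transfer" or ev.frm != ZERO:
            continue                       # burns and ordinary transfers
        before = supply.get(ev.token, 0)
        ratio = ev.value / before if before else float("inf")
        if ratio > max_mint_ratio:
            alerts.append((ev.tx, "mint_exceeds_ratio", round(ratio, 4)))
        if (ev.tx, ev.token) in admin_changed:
            alerts.append((ev.tx, "mint_after_admin_change", round(ratio, 4)))
        supply[ev.token] = before + ev.value
    return alerts

# Constructed sample stream: one routine bridge mint, then a pattern shaped
# like the incident (admin change and a 1,000,000,000-token mint in one tx).
SAMPLE_SUPPLY = {DOT: 10_000_000}
SAMPLE_EVENTS = [
    Event("tx-constructed-1", "Transfer", DOT, to="0xuser", value=5_000),
    Event("tx-constructed-2", "AdminChanged", DOT, to="0xhelper"),
    Event("tx-constructed-2", "Transfer", DOT, to="0xhelper", value=1_000_000_000),
]

def run_sample():
    return detect_abnormal_mints(SAMPLE_EVENTS, dict(SAMPLE_SUPPLY))

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```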