Attacker mints $1 billion Polkadot tokens on Ethereum, ends up stealing just $250,000
A sophisticated attacker successfully minted $1 billion worth of Polkadot (DOT) tokens on the Ethereum network but managed to extract only $250,000 before security measures limited the exploit's impact. The incident occurred through a vulnerability in the cross-chain bridge infrastructure connecting Polkadot's native network to Ethereum, allowing the malicious actor to create unauthorized token representations on Ethereum's blockchain.
The exploit targeted the wrapped DOT token contract on Ethereum, which enables Polkadot tokens to operate within Ethereum's DeFi ecosystem. Cross-chain bridges have become critical infrastructure as users seek to move assets between different blockchain networks, but they also represent significant security risks due to their complexity. The attacker appears to have exploited a flaw in the minting mechanism that validates token deposits from the Polkadot network.
Despite the massive scale of the unauthorized token creation, liquidity constraints and automated security protocols prevented the attacker from converting the full amount into other cryptocurrencies. The incident highlights ongoing vulnerabilities in cross-chain infrastructure, which has suffered over $2 billion in losses from similar exploits over the past two years. The relatively small amount extracted compared to the tokens minted demonstrates how market dynamics can limit the practical impact of such attacks.
The affected bridge protocol has temporarily suspended operations while developers implement patches to prevent similar exploits.
Source: CoinDesk
