Polkadot's most recent update indicates a significant but contained incident involving bridging assets rather than the core network. The core of the problem is a fault in Hyperbridge's Ethereum gateway contract, which disclosed a vulnerability impacting DOT tokens transferred to Ethereum. The issue reveals deeper concerns regarding cross-chain infrastructure and the hidden issues users frequently miss when bridging assets, even while the wider ecosystem is unaffected.

• What Exactly Happened with Hyperbridge's Gateway Contract?
• Why Native Polkadot & Other Bridges Are Unaffected?
• The Real-Risk: Cross-Chain Dependencies Under Scrutiny
• Market & Ecosystem Reaction to the Incident

What Exactly Happened with Hyperbridge's Gateway Contract?

The Ethereum gateway contract of Hyperbridge, which serves as a bridge interface for transferring DOT tokens between ecosystems, is the precise source of the issue. The update states that the exploit only affects DOT tokens that were moved over this specific path, not the entire network.

This difference is important. The smart contract layer that Polkadot uses to enable interoperability is the source of the vulnerability, not the basic protocol or its parachains. To put it simply, the problem is not with DOT as such, but rather with the way some DOT tokens were managed and wrapped on Ethereum using Hyperbridge.

That contract logic seems to be the objective of the hack, which permits unexpected behaviour that only affects those bridged tokens. As a result, this is more of a localised infrastructure vulnerability than a systemic risk.

Why Native Polkadot & Other Bridges Are Unaffected?

The fact that DOT is still completely secure within its original ecosystem is a crucial statement from Polkadot. This covers tokens stored either inside the Polkadot parachains or directly on the relay chain. Similarly, there is no effect on DOT bridged across other protocols.

This effectively isolates the danger. It verifies that the problem is not caused by parachain malfunction, validator compromise, or consensus failure. Rather, it draws attention to the disjointed character of cross-chain systems, where each bridge successfully adds its own trust assumptions and possible weaknesses.

This means that the way a user's DOT was transferred determines their exposure. It is within the impacted scope if it went through Hyperbridge's Ethereum gateway. Otherwise, there is no direct effect.

We’re aware of an issue affecting @hyperbridge's Ethereum gateway contract.

The exploit only affects DOT on Ethereum that is bridged through Hyperbridge and does not affect DOT in the Polkadot ecosystem, or DOT bridged through other bridges.

Polkadot, its parachains, and…— Polkadot (@Polkadot) April 13, 2026