Hyperbridge

The next era of interoperability has begun. You can now bridge & swap your USDC and USDT seamlessly across EVM networks, powered by Hyperbridge. But it doesn’t end there, there’s always more…

A security note: Expect scammers to impersonate this account, post fake addresses, and drop phishing links in replies. Only use the address and email in this thread. Verify both before sending anything.

If you're still holding funds from the exploit, the window is open. Same terms. DOT: send to the Sovereign Account — assethub-polkadot.subscan.io/account/13cKp8… Other assets: email ops@polytope.technology

Update on the April 13 Token Gateway exploit: 5.44 ETH and ~180k CERE have been voluntarily returned — the first return since we opened the no-questions-asked window. Funds are being returned to Cere and Bifrost, where some pools were affected by the exploit.

During our ongoing investigation into the April 13 Token Gateway exploit, we have identified that a number of regular Hyperbridge users, distinct from the original attacker, also withdrew funds from the DOT escrow during or shortly after the incident. After the attacker drained the pools, the price of DOT in those pools became severely distorted relative to other assets. This meant that a small amount of another token could be swapped for a disproportionately large amount of DOT, which some users bridged back to Polkadot. Whether or not this was done with full understanding of the circumstances, these funds belong to the affected liquidity providers whose pools were drained. We are offering a 14-day voluntary return window. Funds returned to the address below will be treated as good-faith acts. Return address (Hyperbridge Sovereign Account): (assethub-polkadot.subscan.io/account/13cKp8…) After this window closes, wallet addresses still holding unreturned funds will be referred to law enforcement alongside the on-chain evidence our forensics partners have compiled. These wallets have been identified and their full transaction histories are documented. If you are unsure whether this applies to you, or if you need assistance with the return process, reach out ops@polytope.technology.

Please disregard any unsolicited DMs, wallet signature requests, or accounts claiming to represent Hyperbridge or offering recovery services. Our only official channels are @hyperbridge on X, Telegram, and Discord. The full update is available here: blog.hyperbridge.network/recovery-and-n…

What this exploit has made clear, expensively, is that verification logic needs more frequent audits and adversarial testing at every layer of the stack. That is the standard Token Gateway will operate under going forward.

An update on the April 13 Hyperbridge Token Gateway exploit. Our initial loss estimate of approximately $237K has been revised upward to approximately $2.5M, with most of the increase reflecting losses from incentive pools across Ethereum, Base, BNB Chain, and Arbitrum.

We’ll share further updates as we progress. For questions or support, please reach out to: ops@polytope.technology

The attacker minted 1 billion bridged DOT tokens (over 2,800x the legitimate circulating supply (~356K tokens)), and sold them on a decentralized exchange. We’re actively working with security partners to track and recover the affected funds. Bridging will remain paused while additional safeguards are implemented and reviewed.

Security Update: Token Gateway exploit On April 13, 2026, a vulnerability in Hyperbridge’s Token Gateway was exploited, resulting in approximately $237,000 in losses on Ethereum. Bridging operations were paused immediately after detection, and this is an update on the situation. 🧵