TLDRHyperbridge increased its April 13 exploit loss estimate to about $2.5 million after a broader review across four chains.The attacker extracted around 245 ETH and then minted about 1 billion fake bridged DOT tokens.Polkadot confirmed that only DOT bridged through Hyperbridge was affected, while native DOT remained secure.The exploit targeted a flaw in the Merkle Mountain Range proof verification logic in HandlerV1.Hyperbridge paused Token Gateway operations and is working with Binance and law enforcement on fund recovery.Hyperbridge has raised its loss estimate from the April 13 Token Gateway exploit to about $2.5 million. The project had earlier reported losses of nearly $237,000 based on early on-chain activity. However, a broader review across four chains revealed deeper damage and a two-phase attack.Polkadot Confirms Bridged DOT ExposureHyperbridge said it revised the figure after reconciling transactions across Ethereum, Base, BNB Chain, and Arbitrum. The team explained that it reviewed attacker activity in two phases and included losses from incentive pools. As a result, it increased the total realized losses to roughly $2.5 million.Polkadot stated that the incident affected only DOT bridged through Hyperbridge to Ethereum. The network confirmed that native DOT on Polkadot remained unaffected. It also clarified that the broader Polkadot ecosystem did not face a direct impact.Hyperbridge initially focused on the visible sell-off of bridged DOT on Ethereum. However, further investigation showed that the attacker first extracted about 245 ETH from Token Gateway. The attacker then moved into a second phase that involved minting about 1 billion bridged DOT tokens.The attacker minted the tokens without authorization and sold them into available decentralized exchange liquidity. Consequently, the sales pressure deepened losses across supported chains. Hyperbridge confirmed that the exploit centered on its Token Gateway component.Ethereum, Base, BNB Chain, and Arbitrum ImpactedSecurity researchers traced the flaw to the Merkle Mountain Range proof verification logic. The vulnerability affected Hyperbridge’s HandlerV1 path and enabled forged cross-chain messages. As a result, the attacker gained control over admin functions tied to the bridged DOT contract.The attacker used that access to mint fake bridged DOT tokens on Ethereum. The attacker then dumped those tokens into limited liquidity pools. This sequence expanded losses beyond the initial ETH extraction.Hyperbridge stated that the damage remained isolated to Token Gateway. It confirmed that bridged token contracts on Ethereum, Base, BNB Chain, and Arbitrum were affected. However, it said that Intent Gateway and related products were not impacted.The team said it traced a large portion of exploited funds to Binance. It added that it works with Binance’s compliance team and law enforcement to freeze and recover assets. Hyperbridge said it plans to allocate BRIDGE tokens if recovery efforts fail.All Token Gateway bridging remains paused while the team finalizes a patch. Hyperbridge said it will complete an independent audit and add safeguards before resuming operations. It confirmed that it will publish the audit report before restoring full functionality.The post Polkadot-linked Hyperbridge exploit losses hit $2.5M appeared first on Blockonomi.