Skip to main content
Sign in
Hyperbridge1 decision on this page

Audit log

Every state-changing event for Hyperbridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-26 19:24:50Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,347,001
    sig
    5WKQm5amKD5h…LrMqxKCoexplorer ↗
    hash
    UPQCTRd3xoYk…8AxAdsgbsha256 → base58
    verifying row…full verify ↗
    canonical bytes (7774 B) ▸
    {"actor":"system:backfill","investigation_id":"e98dcb71-6fb2-41c3-9678-2430b35a4af0","kind":"publish","page_slug":"hyperbridge","published_at":"2026-05-26T19:24:50.010Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Hyperbridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.hyperbridge.network/april-13-post-mortem/","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2026/04/13/attacker-mints-usd1-billion-polkadot-tokens-on-ethereum-ends-up-stealing-just-usd250-000","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/hacker-steals-237k-1b-bridged-dot-hyperbridge","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/04/16/hyperbridge-raises-exploit-loss-estimate-to-2-5m-from-237k/","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/397773/polkadot-hyperbridge-exploit-losses-2-5-million-ten-times-initial-estimate","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/hyperbridge-exploit-losses-revised-25m/","type":"other","url":""},{"credibility":3,"name":"https://ambcrypto.com/hyperbridge-revises-exploit-losses-to-2-5m-traces-funds-to-binance/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/hyperbridge-exploited-less-than-two-weeks-after-april-fools-day-hack-prank/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=hyperbridge-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/polkadot-hyperbridge-april-fools-joke-comes-true-as-over-1-billion-fake-dot-tokens-were-minted-on-ethereum/","type":"other","url":""},{"credibility":3,"name":"https://ambcrypto.com/hyperbridge-exploit-lets-attacker-mint-1b-bridged-dot-raising-questions-after-safest-bridge-claims/","type":"other","url":""},{"credibility":3,"name":"https://blog.hyperbridge.network/explained-hack-april-fool/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/hyperbridge-exploited-less-than-two-weeks-after-april-fools-day-hack-prank/","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/hyperbridge-launches-50k-bug-bounty-after-bridge-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2026/05/15/hyperbridge-offers-50000-for-critical-vulnerabilities/","type":"other","url":""},{"credibility":3,"name":"https://www.autheo.com/blog/bridge-security-lessons-hyperbridge-exploit-2026","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blog.hyperbridge.network/recovery-and-next-steps/","type":"other","url":""},{"credibility":3,"name":"https://phemex.com/news/article/hyperbridge-revises-hack-losses-to-25-million-plans-compensation-73722","type":"other","url":""},{"credibility":3,"name":"https://forum.polkadot.network/t/pre-proposal-discussion-dot-recovery-loan-to-hyperbridge-token-gateway-exploit-victims/17552","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/hyperbridge-exploit-losses-revised-25m/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://techpoint.africa/feature/how-hyperbridge-works-seun-lanlege/","type":"other","url":""},{"credibility":3,"name":"https://techcabal.com/2025/04/17/polytope-labs-raises-over-5-million-to-scale-hyperbridge-backed-by-the-polkadot-ecosystem-fund/","type":"other","url":""},{"credibility":3,"name":"https://polkadot.com/newsroom/press-releases/hyperbridge-launches-on-Polkadot/","type":"other","url":""},{"credibility":3,"name":"https://en.wikipedia.org/wiki/Hyperbridge","type":"other","url":""},{"credibility":3,"name":"https://bitcoinke.io/2025/11/a-look-at-hyperbridge/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://protos.com/hyperbridge-exploited-less-than-two-weeks-after-april-fools-day-hack-prank/","type":"other","url":""},{"credibility":3,"name":"https://www.tronweekly.com/hyperbridge-suffers-237000-breach-as-token-gate/","type":"other","url":""},{"credibility":3,"name":"https://ambcrypto.com/hyperbridge-revises-exploit-losses-to-2-5m-traces-funds-to-binance/","type":"other","url":""}]}],"sources_used":[],"summary":"Hyperbridge is a cross-chain interoperability protocol built by Polytope Labs (founded by Nigerian engineers Seun Lanlege and David Salami) that uses cryptographic proofs to facilitate asset and message transfers across blockchains. On April 13, 2026, an attacker exploited a Merkle Mountain Range (MMR) proof verification vulnerability in the Token Gateway contract, minting 1 billion fraudulent bridged DOT tokens and extracting losses initially reported at $237,000 but later revised to approximately $2.5 million across Ethereum, Base, BNB Chain, and Arbitrum. The exploit occurred less than two weeks after the project publicly mocked the possibility of being hacked in an April Fools joke, and followed alleged dismissals of security researchers who had flagged vulnerabilities beforehand.","timeline":[{"date":"2023-11-01","event":"Polytope Labs publicly launches Hyperbridge cross-chain bridge.","source":""},{"date":"2024-01-01","event":"Hyperbridge launches on Polkadot mainnet.","source":""},{"date":"2025-04-17","event":"Polytope Labs announces over $5 million in funding backed by the Polkadot Ecosystem Fund, Web3 Foundation, and Scytale Digital.","source":""},{"date":"2025-09-30","event":"Hyperbridge expands to Polygon mainnet; team markets protocol as 'the world's safest bridge' in official materials.","source":""},{"date":"2026-02-01","event":"Alleged: a bug bounty researcher reports critical vulnerabilities and is reportedly told 'exploit them if you found them' by the team.","source":""},{"date":"2026-04-01","event":"Hyperbridge posts April Fools' joke on X claiming the Lazarus Group drained $37 million; linked blog post contains Rickroll GIF and article titled 'Why Hyperbridge Can't Be Hacked.'","source":""},{"date":"2026-04-02","event":"A known exploiter address begins probing Hyperbridge; a developer dismisses attempts with 'hope you have a quantum computer bro.'","source":""},{"date":"2026-04-13","event":"Exploit occurs: attacker forges an MMR proof to seize admin control of the bridged DOT contract on Ethereum and mints 1 billion fake DOT tokens, extracting approximately 108.2 ETH (~$237,000) and an estimated 245 ETH from the TokenGateway contract, with funds deposited into Tornado Cash.","source":""},{"date":"2026-04-13","event":"Hyperbridge pauses Token Gateway operations; patch deployed within 72 hours; April Fools posts deleted.","source":""},{"date":"2026-04-16","event":"Hyperbridge revises total exploit losses to approximately $2.5 million — ten times the initial estimate — after reconciling activity across Ethereum, Base, BNB Chain, and Arbitrum.","source":""},{"date":"2026-04-16","event":"Stolen funds traced in part to Binance; Hyperbridge states it is cooperating with Binance compliance and law enforcement.","source":""},{"date":"2026-04-25","event":"Polkadot Forum pre-proposal discussion published proposing a DOT recovery loan from the Polkadot Treasury for liquidity providers affected by the exploit.","source":""},{"date":"2026-05-15","event":"Hyperbridge launches $50,000 bug bounty on HackenProof for critical vulnerabilities, following post-exploit SRLabs audit that found 14 vulnerabilities (1 critical, 3 high, 5 medium, 4 low, 1 informational), all reportedly remediated.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision e85e3f54-d527-43c2-8ad4-6165345c2532
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.