bridge

According to Hyperbridge's official disclosure, the loss from the Token Gateway vulnerability incident has been revised from an initial estimate of $237,000 to approximately $2.5 million, with the increase mainly coming from losses in incentive pools on Ethereum, Base, BNB Chain, and Arbitrum.The attacker extracted about 245 ETH from the relevant contracts and then bypassed the MMR proof verification mechanism by forging cross-chain messages, minting 1 billion bridged DOT and selling them into a thinly traded market. Currently, some of the stolen funds have been traced on-chain to Binance, and Hyperbridge is collaborating with Binance's compliance team and law enforcement agencies for an investigation.Native DOT of Polkadot and products like Intent Gateway are unaffected, while the Token Gateway and the bridged DOT contracts on the four affected EVM chains remain suspended. The MMR verification logic patch is undergoing external audit, and the bridging functionality will be restored after the audit is completed.

According to official news, the BTTC Bridge transaction record page has completed its functional upgrade and is officially online, aiming to provide cross-chain users with a more efficient and transparent asset tracking experience. This update introduces a dual-view independent display mode for "All Records" and "In Progress," and launches a multi-dimensional filtering tool that supports flexible combination retrieval by transaction status, type, and custom date range. At the same time, the page has strengthened the exclusive identification marks for incoming, outgoing, and cross-chain activities, helping users quickly locate the flow of funds. Users can now access the platform to experience a clearer cross-chain transaction management view, and the team will continue to refine product details to serve a broader range of on-chain interaction scenarios.

According to on-chain analysis platform Arkham (@arkham), attackers exploiting the Bridged Polkadot vulnerability have transferred all stolen funds into Tornado Cash, involving an amount of approximately $269,000.

The blockchain interoperability protocol Hyperbridge disclosed details of the previous DOT attack incident, resulting in a loss of approximately $237,000. The root of the vulnerability lies in the HandlerV1 contract's VerifyProof() function, which lacks input validation and does not verify the leaf_index leafCount, allowing attackers to forge Merkle proofs.Using this, the attacker gained administrator privileges for the DOT token bridging contract on Ethereum, subsequently minting 1 billion bridged DOT (which is about 2800 times the legitimate circulation of approximately 356,000) and cashing out on decentralized exchanges. Hyperbridge stated that it is currently working with security partners to trace the funds, and cross-chain functionality will remain suspended until the investigation is completed.

Polkadot stated on the X platform that the team has noticed security issues with the Ethereum gateway contract of Hyperbridge. This vulnerability only affects DOT tokens bridged to Ethereum via Hyperbridge, while DOT within the Polkadot ecosystem and other bridging solutions are not affected. Polkadot and its parachains and native DOT remain secure. Hyperbridge has suspended operations during the investigation.According to previous news from ChainCatcher, the Hyperbridge contract encountered an MMR proof replay vulnerability, resulting in a loss of approximately $242,000.

Polkadot responded to the Hyperbridge vulnerability incident, stating that the vulnerability only affects DOT assets bridged to the Ethereum network via Hyperbridge and does not involve native DOT within the Polkadot ecosystem or assets from other bridging paths. The official statement indicated that the Polkadot mainnet and its parachains are operating normally, and related assets remain secure.Currently, Hyperbridge has suspended operations, and the incident is under further investigation. Previous reports indicated that the Polkadot bridge vulnerability was exploited, resulting in the issuance of 1 billion DOT on the Ethereum network, which has been sold off, with the attacker profiting $237,000.

According to monitoring by BlockSec, the HandlerV1 contract managed by Hyperbridge has a Merkle Mountain Range (MMR) proof replay vulnerability on the Ethereum network, resulting in a loss of approximately $242,000. The vulnerability arises from the proof not being bound to the request, allowing attackers to replay historically valid proofs and combine them with new forged requests to perform actions such as changing administrator permissions.In a specific case, the attacker changed the administrator of the Polkadot (DOT) Token and then exploited the permissions to mint additional DOT for profit. Related attack transactions have been observed, including changing the administrator and minting of DOT Token (loss of approximately $237,400), changing the administrator and minting of ARGN Token (loss of approximately $3,800), and host withdrawals, among others.Previously, it was reported that the Hyperbridge gateway contract was attacked, resulting in the minting and dumping of 1 billion DOT on Ethereum.

According to monitoring by Pidun, 1 billion DOT tokens were abnormally minted and sold on the Ethereum chain.On-chain data shows that about 1 hour ago, the attacker transferred the contract control to a malicious address by tampering with administrator permissions, subsequently minting 1 billion DOT and immediately selling them, causing the coin price to plummet from $1.22 to nearly zero.The incident is still unfolding, and Polkadot's official response has not yet been released. The target of this attack was bridging assets on Ethereum, not the native Polkadot chain.

According to DefiLlama data, the net inflow of funds for Ethereum cross-chain bridges in the past 7 days reached $11.112 billion, ranking first among all public chains. Following are Solana and Polygon, with net inflows of $497 million and $397 million, respectively.Base, Plasma, Ink, Avalanche, Arbitrum, and Tron also experienced varying degrees of net inflow, amounting to $275 million, $214 million, $165 million, $157 million, $126 million, and $54 million, respectively.

According to official news, the decentralized GPU cloud computing infrastructure platform Aethir confirmed that its Ethereum-related bridging contract was attacked. The team promptly disconnected the affected contract and worked with major exchanges to blacklist the hacker's wallet, limiting the losses to under $90,000.Previously, blockchain security company PeckShield estimated the losses to be $400,000. The attacker exploited Aethir's cross-chain smart contract AethirOFTAdapter to transfer the stolen funds from the BNB Chain to Tron.Aethir stated that its Ethereum mainnet ATH token supply was unaffected and plans to announce a detailed compensation plan and incident analysis next week, collaborating with exchanges such as Binance, Upbit, and Bithumb to freeze funds. The Web3 security platform ZeroShadow is participating in the investigation. Aethir aims to achieve revenue of $127.8 million by 2025, with over 440,000 GPU containers deployed globally.

The enterprise-level modular L1 public chain ENI has announced a strategic partnership with the globally leading on-chain investment ecosystem Republic Crypto. Republic Crypto is backed by top institutions such as Hamilton Lane and Hashed, with an ecosystem covering over 2,500 enterprises.The two parties will combine Republic Crypto's expertise in token economics and top Western capital markets with the advantages of ENI's enterprise-level modular L1 architecture to open up liquidity channels for real-world assets (RWA) between the East and West, facilitating seamless global settlement for institutional assets and promoting the scaling of Web3 business.

According to official news, the BTTC cross-chain bridge interface has been completely upgraded. The new design fully incorporates user feedback, making the interaction experience smoother. Users can transfer assets through the BTTC address and move them to Ethereum without paying additional cross-chain fees, only bearing the Gas fees. The entire process is completely decentralized, with assets fully controlled by the user, and private keys and asset information are not accessible to any third party.

According to The Block, Coinbase has used Chainlink's new service DataLink for the first time to push its exchange market data directly to the blockchain.Through this service, blockchain protocols and applications can access the order books and futures trading data of Coinbase International Exchange and Coinbase Derivatives Exchange in real-time, including newly launched futures, stock, and commodity data.

Analysts say that the IoTeX private key may have been leaked, resulting in asset losses of approximately 4.3 million dollars; IoTeX officials reported on-chain attack losses of about 2 million dollars.

SkyBridge founder Anthony Scaramucci stated that the current Bitcoin bear market can be explained by the four-year cycle theory and long-term holders selling at the psychological price level of $100,000. He pointed out that while the inflow of institutional investors and Bitcoin ETFs has made the four-year cycle "milder," it has not completely eliminated this traditional cycle, and the collective belief of market participants can create a self-fulfilling prophecy.He predicts that Bitcoin will exhibit a volatile trend for most of 2026, with a rise beginning in the fourth quarter as part of a new bull market cycle. Scaramucci mentioned that market participants, including himself, had generally expected Bitcoin to rise to $150,000 by 2025, driven by the pro-crypto agenda of the Trump administration and a warming regulatory environment, but the market crash in October completely shattered this consensus.He used the example of Bitcoin's performance in early 2023 following the FTX collapse in November 2022 to illustrate that the market often moves in the opposite direction of mainstream sentiment, with bull markets typically starting during periods of "extreme apathy and lack of interest." The current bear market is considered a "normal" adjustment consistent with past corrections.

According to Cointelegraph, the Ethereum client team is testing a mechanism called Fast Confirmation Rules (FCR), aimed at compressing the deposit confirmation time from L1 to L2 networks and exchanges to about 13 seconds, reducing it by up to 98% compared to existing solutions. This mechanism was proposed by Ethereum researcher Julian Ma.FCR determines whether a block can be considered confirmed by evaluating the validators' attestations, rather than relying on the traditional block depth counting method. Its operation is based on two premises: that network message propagation is fast enough, and that no single entity holds more than 25% of the staked ETH. Currently, most users rely on canonical bridges to complete asset transfers, which typically require waiting about 13 minutes; some exchanges and L2s have adopted "k-depth" confirmation rules to shorten the wait, but this method lacks formal security guarantees.FCR can be deployed without a hard fork, and nodes can independently enable it without the need for coordination across the entire network. Ethereum co-founder Vitalik Buterin expressed support for this, believing that the mechanism can provide "hard guarantees" for transactions within a single time slot (about 12 seconds) under specific network conditions. However, there are still voices of skepticism in the community, with some users concerned about whether its trust assumptions can hold up under network pressure. Currently, client and API integration work is still ongoing.

According to CoinDesk, the Cambridge Centre for Alternative Finance has released a longitudinal study on the resilience of Bitcoin's network physical infrastructure, covering 11 years of peer-to-peer network data and 68 verified submarine cable failure events.The study shows that 72% to 92% of global multinational submarine cables need to fail simultaneously for significant node disconnections to occur in the Bitcoin network. Based on 1,000 Monte Carlo simulations for each scenario, over 87% of real failure events had less than a 5% impact on nodes, and the correlation coefficient between cable failures and Bitcoin prices is close to zero (-0.02). The study also reveals a significant asymmetry between random failures and directed attacks: if an attacker targets key hub cables, the destruction threshold will drop sharply to 20%; if directed attacks target the five largest hosting service providers—Hetzner, OVH, Comcast, Amazon, and Google Cloud—removing just 5% of routing capacity could cause a similar impact.

The decentralized AI infrastructure platform 0G Labs has announced its integration with the cross-chain liquidity protocol Euclid Protocol. This collaboration aims to combine 0G's decentralized AI infrastructure with frictionless cross-chain liquidity, enabling users to swap assets between any chains without relying on traditional cross-chain bridges.

According to Bloomberg, Bridge Data Centres (BDC) plans to invest up to SGD 5 billion (approximately USD 3.9 billion) in its home market of Singapore for the development of artificial intelligence technologies, aiming to accelerate its business growth in Asia.BDC CEO Eric Fan stated that the private company will invest in research projects and facilities, focusing on advanced power architecture, next-generation cooling systems, AI-driven operations, and energy optimization for high-density computing environments.