On April 13, 2026, the bridge facilitating Polkadot’s DOT token transfers to Ethereum was compromised. Unauthorized actors have allegedly exploited administrative privileges in the bridge’s smart contract on the Ethereum network, enabling the creation of 1 billion unbacked DOT tokens. These tokens were then rapidly sold off in a single transaction, triggering an immediate market collapse.
Blockchain security firm PeckShield first identified the irregularity through on-chain monitoring.
The attackers began by altering admin permissions and shifting contract control to a wallet they controlled.
#PeckShieldAlert 1B $DOT minted and dumped on #Ethereum #Polkadot @Polkadot pic.twitter.com/nETiBnvnvm
— PeckShieldAlert (@PeckShieldAlert) April 13, 2026
They followed up by minting the full 1 billion DOT supply and offloading it entirely, realizing roughly 108 ETH (approximately $237,000 at prevailing prices).
The bridged DOT token’s price, which had been hovering near $1.22, plunged to virtually zero in the process.
It is critical to note that the breach was limited exclusively to the Ethereum-side bridged version of DOT.
Polkadot’s core relay chain, native token mechanics, and mainnet operations remained untouched.
The exploit did not affect assets or consensus on the primary Polkadot blockchain itself.
Still, the event exposes ongoing weaknesses in cross-chain bridging technology, where administrative controls and key management often represent single points of failure.
Market sentiment deteriorated quickly. Holders of the Ethereum-wrapped DOT faced steep losses as liquidity evaporated and the token’s value evaporated.
Observers expect a sharp drop in DOT’s Fear & Greed Index, reflecting broader anxiety over bridge security and the reliability of wrapped assets.
The incident unfolded rapidly—within about an hour of the initial admin-rights change—leaving little time for preventive intervention.
As of the latest available information, the Polkadot development team has issued no official statement or details on containment efforts.
Monitoring continues, with analysts tracking any movement of the attacker’s proceeds.
The situation remains fluid at the time of writing, and further updates from project leaders or independent auditors are anticipated.
This breach adds to a pattern of high-profile incidents targeting bridges across decentralized finance.
Such protocols frequently rely on privileged roles for minting, burning, or upgrading contracts, creating attractive targets for sophisticated adversaries.
Industry-wide, bridge exploits have now reportedly drained billions in prior years, underscoring the need for hardened practices like decentralized admin governance, timelocked upgrades, rigorous key custody, and continuous auditing.
For the Polkadot ecosystem, the recent event highlights the trade-offs of interoperability. While bridges expand utility by linking chains, they also introduce external dependencies and attack surfaces not present in native environments.
Users holding bridged assets are urged to monitor developments closely at this time and consider risks when engaging with wrapped tokens. The modest realized gain for the perpetrators—relative to the minted volume—does not diminish the potential long-term reputational impact on cross-chain solutions. And these kinds of issues will continue to undermine the legitimacy of relatively smaller crypto projects and indicate that bigger networks are better at ensuring security in the web3 space.