TechFlow reports that on April 13, BlockSec Phalcon disclosed a Merkle Mountain Range (MMR) proof replay vulnerability in the HandlerV1 contract managed by Hyperbridge on the Ethereum network, resulting in approximately $242,000 in losses. The vulnerability stems from the lack of binding between proofs and requests, enabling attackers to replay historical valid proofs alongside newly forged requests to perform actions such as altering administrator privileges. In the specific incident, the attacker changed the Polkadot (DOT) token administrator and subsequently minted additional DOT tokens using the newly acquired privileges to profit. Observed attack transactions include: changing the DOT token administrator and minting new tokens (losses of ~$237,400), changing the ARGN token administrator and minting new tokens (losses of ~$3,800), and host withdrawals. The vulnerability was discovered by PhalconSecurity and analyzed via PhalconExplorer.
Earlier reports indicated that the Hyperbridge gateway contract was compromised, leading to the unauthorized minting and subsequent sale of 1 billion DOT tokens on Ethereum.
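
The missing binding between proof and request described above can be shown in a small model. This is an added example, not the HandlerV1 code or anything published by Hyperbridge or BlockSec: it uses a plain binary Merkle tree in place of an MMR, and every name and sample value in it is hypothetical and constructed for illustration.

```python
import hashlib

def h(tag: bytes, *parts: bytes) -> bytes:
    # Domain-separated SHA-256: tag b"L" for leaves, b"N" for inner nodes.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def commit(request: bytes) -> bytes:
    return h(b"L", request)

def build(leaves, index):
    """Return (root, path) for leaves[index]; len(leaves) must be a power of two."""
    level, path = list(leaves), []
    while len(level) > 1:
        path.append((level[index ^ 1], index & 1))  # (sibling, node is right child)
        level = [h(b"N", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], path

def root_from(leaf, path):
    node = leaf
    for sibling, is_right in path:
        node = h(b"N", sibling, node) if is_right else h(b"N", node, sibling)
    return node

def handle_unbound(root, request, leaf, path):
    # Flawed model: the proof is checked against the root, but `request`
    # (what would be executed) is never tied to the proven leaf.
    return root_from(leaf, path) == root

class BoundHandler:
    def __init__(self, root):
        self.root, self.consumed = root, set()

    def handle(self, request, path):
        leaf = commit(request)  # leaf is recomputed from the request itself
        if leaf in self.consumed or root_from(leaf, path) != self.root:
            return False
        self.consumed.add(leaf)  # extra check: each commitment executes once
        return True

# Constructed sample data, not taken from the incident.
COMMITTED = [b"request-0", b"request-1", b"request-2", b"request-3"]
UNCOMMITTED = b"request-never-committed"
ROOT, PATH = build([commit(r) for r in COMMITTED], 2)

if __name__ == "__main__":
    print(handle_unbound(ROOT, UNCOMMITTED, commit(COMMITTED[2]), PATH))
    guard = BoundHandler(ROOT)
    print(guard.handle(UNCOMMITTED, PATH), guard.handle(COMMITTED[2], PATH))
```

The unbound handler accepts a request that was never committed because the old proof still verifies on its own; the bound handler rejects it because the leaf is derived from the request being executed, and it also refuses a second use of the same commitment.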




