Cointelegraph reported on April 13 that a bridged version of Polkadot's DOT token on Ethereum has been exploited. An attacker minted 1 billion DOT through the bridge contract and dumped the entire supply into the market, as of April 13, 2026.
The full scope of losses, the specific bridge contract involved, and whether the attacker has been identified remain unclear at the time of writing. Polkadot's native DOT on its own network does not appear to be affected - this exploit targeted a wrapped or bridged representation of DOT that exists as an ERC-20 token on Ethereum.
How Bridged Token Exploits Work
Bridge contracts hold native tokens on one chain and mint equivalent "wrapped" tokens on another. When an attacker compromises the minting function, they can create tokens that were never backed by real deposits.
The attack pattern is familiar. The attacker gains unauthorized access to the bridge's mint function, creates an arbitrary number of tokens, and sells them on decentralized exchanges before anyone can pause the contract. Buyers on Ethereum who purchased these bridged DOT tokens are left holding assets backed by nothing.
This is the same mechanic behind some of crypto's largest losses. The Wormhole bridge lost $320 million in February 2022 when an attacker minted 120,000 wETH without posting collateral. The Ronin bridge lost $625 million a month later through compromised validator keys. IoTeX's ioTube bridge was exploited for $4.4 million in February 2026 after a single private key was compromised, giving the attacker control over both the token vault and the minting contract. Drift Protocol lost $285 million on April 1, 2026, in what became the year's largest exploit.
The total damage from bridge exploits since 2022 exceeds $2.5 billion.
Why Bridged Tokens Carry Structural Risk
Every bridged token introduces a trust assumption that doesn't exist with native assets. When you hold DOT on Polkadot, you hold a token secured by the network's own consensus mechanism. When you hold bridged DOT on Ethereum, you hold a claim issued by a smart contract, and that claim is only as good as the contract's security.
Bridge contracts are high-value targets because they concentrate liquidity in a single point of failure. A vulnerability in one function, a single compromised key, or a logic error in the minting process can give an attacker access to the full supply.
The problem compounds on decentralized exchanges. Automated market makers will fill sell orders at whatever price clears, so an attacker dumping 1 billion minted tokens can drain liquidity pools before governance or multisig holders can react. Liquidity providers and buyers absorb the loss.
What DOT Holders Should Check
If you hold bridged DOT on Ethereum, check which bridge contract issued your tokens. Different bridges operate independently - an exploit in one bridge contract does not necessarily affect DOT bridged through a different protocol.
If your bridged DOT came from the exploited contract, those tokens may now be worthless regardless of their face value. The bridge's backing was broken the moment the attacker minted unbacked supply.
Native DOT held on Polkadot, on exchanges, or in self-custody wallets on Polkadot's own network is unaffected by this exploit. The vulnerability was in the Ethereum-side bridge contract, not in Polkadot's consensus or token issuance.
Holders of any wrapped or bridged asset - not just DOT - should verify the security model of the bridge they used. Trustless bridges that rely on cryptographic proofs (like Polkadot's own Snowbridge) carry different risk profiles than bridges that rely on multisig validators or single admin keys.
Bridge Security After $2.5 Billion in Losses
The crypto industry has spent three years trying to solve the bridge problem. Trustless bridges, optimistic verification, zero-knowledge proofs, and restaking-based security have all been proposed or deployed. None has eliminated the risk entirely.
The pattern repeats because the economic incentive is overwhelming. Bridge contracts hold concentrated pools of real assets and issue synthetic claims against them. For an attacker, compromising a single contract function can yield hundreds of millions in minutes.
For users who spend crypto through card products or interact with DeFi protocols across multiple chains, this exploit reinforces a basic principle: native assets on their home chain carry fewer trust assumptions than any bridged representation.
Overview
A bridged Polkadot DOT token on Ethereum was exploited on April 13, 2026, with an attacker minting 1 billion tokens and selling the entire supply. The specific bridge contract and total dollar losses have not been confirmed at the time of writing. Native DOT on Polkadot is unaffected. Bridge exploits have now drained over $2.5 billion from the crypto ecosystem since 2022, and bridged tokens remain one of the highest-risk asset categories in DeFi.
