Hyperbridge exploited less than two weeks after April Fools’ day hack prank

Self-styled “unbreakable” Hyperbridge protocol has been exploited, less than two weeks after making a tasteless April Fools’ joke about being hacked.

Despite previously explaining how a hack was impossible as part of the April 1 prank, the project acknowledged the exploit in a “bridge update!” posted to X. 

According to crypto security firm CertiK, the hacker “forged message to change the admin of Polkadot token contract on Ethereum and profited ~$237K from minting and selling 1B tokens.”

Another on-chain analyst flagged a further 245 ether (worth over $500,000) which was allegedly drained from the project’s TokenGateway contract before being deposited into Tornado Cash.

While this loss may be modest compared to many crypto hacks, especially bridges, many have focused on the karma dealt to a project with a consistently cavalier attitude towards security.

Read more: Bitcoin Depot didn’t spot 50 BTC hack for three days, report

Hyperbridge claimed the North Korean Lazarus Group had drained $37 million on April 1. The announcement linked to a (now deleted) blog post which contained a Rickroll gif before explaining “Why Hyperbridge Can’t Be Hacked.”

Following backlash, Hyperbridge’s “mad scientist,” who goes by “Web3 Philosopher” on X, boasted of the protocol’s “incorruptible” infrastructure.

In February, they also posted screenshots which appear to show correspondence with a big bounty hunter flagging critical vulnerabilities, who was told “exploit them if you found them.”

Apparently taking the April Fools’ prank as a challenge, a known exploiter address began testing Hyperbridge. The attempts were dismissed with “hope you have a quantum computer bro.”

Got a tip? Send us an email securely via Protos Leaks. For more informed news and investigations, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.