coin-img-ETHETH-1.49%coin-img-BTCBTC-1.30%coin-img-SOLSOL-0.39%coin-img-ULTIMAULTIMA+10.35%coin-img-BENZBENZ+0.00%coin-img-COOCOO-28.81%coin-img-USDCUSDC+0.01%coin-img-XRPXRP-0.35%coin-img-ETHETH-1.49%coin-img-BTCBTC-1.30%coin-img-SOLSOL-0.39%coin-img-ULTIMAULTIMA+10.35%coin-img-BENZBENZ+0.00%coin-img-COOCOO-28.81%coin-img-USDCUSDC+0.01%coin-img-XRPXRP-0.35%coin-img-ETHETH-1.49%coin-img-BTCBTC-1.30%coin-img-SOLSOL-0.39%coin-img-ULTIMAULTIMA+10.35%coin-img-BENZBENZ+0.00%coin-img-COOCOO-28.81%coin-img-USDCUSDC+0.01%coin-img-XRPXRP-0.35%coin-img-ETHETH-1.49%coin-img-BTCBTC-1.30%coin-img-SOLSOL-0.39%coin-img-ULTIMAULTIMA+10.35%coin-img-BENZBENZ+0.00%coin-img-COOCOO-28.81%coin-img-USDCUSDC+0.01%coin-img-XRPXRP-0.35%

Hyperbridge HandlerV1 Hit by MMR Proof Replay Flaw, About $242,000 Lost

BlockSec's Phalcon team reported that a Merkle Mountain Range (MMR) proof replay weakness in Hyperbridge-managed HandlerV1 contracts on Ethereum led to losses of roughly $242,000. The issue stemmed from proofs not being tied to specific requests, enabling an attacker to reuse previously valid proofs alongside newly crafted requests to trigger sensitive operations, including administrator changes. In one instance, the attacker took over the administrator role for the Polkadot (DOT) token, then used the elevated privileges to mint additional DOT for profit. Transactions observed include administrator changes followed by minting DOT (about $237,400 lost) and ARGN (about $3,800 lost), as well as withdrawals from the host. BlockSec said the flaw was identified by PhalconSecurity and examined using PhalconExplorer. The disclosure follows earlier reports that a Hyperbridge gateway contract had been compromised, resulting in 1 billion DOT minted on Ethereum and later sold.
Selected
DOT
DOT-2.53%
ETH
ETH-1.50%
Disclaimer: The content above is only the author's opinion and does not represent BingX’s stance. It shall not be construed as investment advice from BingX. For details, refer to the Terms and Conditions.