Olivia
Online
PolkaStats
@PolkaStats
Polkastats block explorer dev
127.0.0.1
Joined July 2019
270 Following
11.7K Followers
262 Posts
JAR Chain is a community fork of #Polkadot JAM.
* We're actually going to launch this year. Not delays, delays, delays.
* Our JAVM is around 2x faster than JAM PolkaVM.
* Actually secure: we re-designed the execution engine from ground up with a new capability system and KVM microkernel.
Interested? Join our discussions on Matrix. https://t.co/cHMWfPrhAd
On April 13, 2026, an attacker exploited a vulnerability in Hyperbridge’s MMR verifier and drained the Token Gateway.
After a round of internal audits, we found the same class of bug in two widely used libraries across the Polkadot ecosystem, including pallet-beefy-mmr.
Here’s the full account 🧵
JAM/ELVES has one critical soundness issue that makes it susceptible to LayerZero-type degradation.
Safety bound is magnitude lower than claimed.
In the past, it's practically unlikely that validators mass run modified node versions.
Nowadays, agentic development means that a rational validator will be able to do it if the incentive is not aligned.
We cannot any more make a blanket categorization of adversarial / non-adversarial nodes. The actual incentives and the reality of a "rational node implementation" must be explicitly quantified.
If you just woke up and saw $DOT @Polkadot hacked, here is what I found (long-read)
THE SETUP
Hyperbridge uses ISMP (Interoperability State Machine Protocol) to bridge Polkadot assets to Ethereum. The architecture:
- EthereumHost - stores consensus state & commitments
- HandlerV1 - verifies proofs, dispatches messages
- Consensus Client - verifies BEEFY/GRANDPA proofs from Polkadot
- TokenGateway - mints/burns wrapped assets (DOT, ARGN, MANTA, etc.)
Two critical facts about the live config:
1) challengePeriod = 0 (no delay before state commitments become usable)
2) The consensus client (0xA0Ad0CfD02509321AA5968cD04A8E205Ce53669a) is UNVERIFIED - no public source code
---
THE ATTACK (one atomic transaction)
TX: https://t.co/7rUn3Lsz71
Attacker 0xC513E4f5D7a93A1Dd5B7C4D9f6cC2F52d2F1F8E7 deployed an exploit contract whose constructor executed this entire sequence:
1. Deploy sub-contract (0x31a165a956842aB783098641dB25C7a9067ca9AB)
2. Call run() on sub-contract
3. Sub-contract calls HandlerV1.handleConsensus() with a FORGED Polkadot consensus proof
4. The unverified consensus client accepts the forged proof
5. A malicious state commitment (containing attacker-controlled MMR root) gets stored in EthereumHost
6. Since challengePeriod = 0, the commitment is IMMEDIATELY usable, no fisherman dispute window
7. Sub-contract calls HandlerV1.handlePostRequests() with a crafted MMR proof referencing the just-stored malicious root
8. The MMR verification passes trivially, attacker controls BOTH the root and the proof
9. The forged ISMP message contains: action=ChangeAssetAdmin, source="POLKADOT-3367", newAdmin=sub-contract
10. TokenGateway checks request.source == "POLKADOT-3367" - PASSES (source was embedded in forged MMR leaf)
11. TokenGateway calls DOT.changeAdmin(sub-contract), sub-contract is now DOT admin
12. Sub-contract calls https://t.co/ek9hZaR6zQ(1,000,000,000 DOT)
13. Sub-contract approves DEX router for max, swaps 1B DOT for 108.2 ETH via Uniswap V4
14. ETH flows back: sub-contract -> exploit contract -> attacker EOA
All in one transaction. Gas cost: 0.000339 ETH. Profit: 108.2 ETH.
---
WHY THE SOURCE CHECK FAILS
TokenGateway's authorization for privileged actions like ChangeAssetAdmin:
if (!request.source.equals(host.hyperbridge())) revert UnauthorizedAction();
This byte comparison is not a security boundary. It relies entirely on the integrity of the consensus proof upstream. The source field lives inside the MMR leaf, when the attacker controls the MMR root, they control every leaf, including the source field. The check becomes a tautology.
---
ROOT CAUSE
Two combined weaknesses:
challengePeriod = 0: The challenge period is the only defense against forged consensus proofs. When it's zero, any fraudulent state commitment accepted by the consensus client is immediately exploitable in the same block. No fisherman window. No dispute mechanism. Plant and exploit in one tx.
Unverified consensus client: The contract at 0xA0Ad0CfD02509321AA5968cD04A8E205Ce53669a has no public source code. Its verifyConsensus() accepted a forged BEEFY proof. Either a cryptographic bug, a deliberately weakened replacement, or a compromised signing key.
---
SCOPE: NOT JUST DOT
The attacker exploited multiple Hyperbridge-wrapped assets via the same vector:
- DOT: 1B minted (~$1.78B face value)
- ARGN (Argon): ~999B minted (~$1.03B face)
- MANTA: 211K minted (partially captured by MEV bot)
- CERE: ~23B minted (partially captured by MEV bot)
All ERC6160Ext20 tokens managed by the same TokenGateway. Same forged ISMP message, different action payloads.
---
ATTACKER PROFILE
- 33-day-old wallet, seeded from a RAILGUN RelayAdapt contract (not a simple EOA)
- Spent a month deploying 15+ test contracts against live state
- Used https://t.co/cEhae8a7y3 to bridge ETH across chains immediately after funding (obfuscation)
- Pre-deployed custom zk-SNARK verification keys via RAILGUN 8.5 months before the exploit
- Laundering confirmed via RAILGUN zk shielded pool, withdrawing in 15 ETH denominations to fresh exit wallets
Months of preparation.
---
FUND FLOW
Primary swap: ~108.2 ETH ($237k)
Secondary waves: ~4,924 ETH ($10.8k)
Later stablecoin: ~$8k (WETH/USDC/USDT)
Total extracted: ~$250kM+
EthereumHost is frozen (status=All). Attacker is laundering through RAILGUN. No bridge-out transactions observed yet. Exit wallet 0x43C291c59164e55E27326a719c4FD05a1b72F8b2 holds ~105 ETH from RAILGUN withdrawals.
---
KEY ADDRESSES
Attacker: https://t.co/EAkYS1xp5I
DOT Token: https://t.co/hKxJ8GaDPG
TokenGateway: https://t.co/B1UWfsYq0u
EthereumHost: https://t.co/gdJNH5cIl7
Consensus Client (unverified): https://t.co/7UEVaBNUqv
RAILGUN Exit Wallet: https://t.co/U3NXOiUctF
Who to follow
Subscan 
@subscan_io
Subscan Blockchain #Explorer: Web3 Portal to the Substrate & EVM Ecosystems
🌐 https://t.co/HnLe8bqA2S
Polkadot Devs
@PolkadotDevs
Welcome to the @Polkadot Developer community.
Stay updated with tools, events, and pioneering ideas 💡
Build. Collaborate. Innovate. 🌐
Parity Technologies
@paritytech
We're the Web3 innovators, core engineers, and Rust devs powering the decentralized web by developing @Polkadot. Here since 2015. Here to stay.
Grateful to all the unsung heroes who’ve helped the PAPI team through these very difficult times. Now that we’re starting to see the light at the end of the tunnel, it’s been humbling to see how many people stepped up and had our backs. Thank you so much! 🙇♂️
Strongly supporting @Polkadot Ref 1836 to continue funding PAPI team! 📷PAPI is the library we need: metadata-driven, strictly type-safe, and built for decentralization with native Smoldot light client support. https://t.co/TE4xKGQH4F
The next era of interoperability has begun.
You can now bridge & swap your USDC and USDT seamlessly across EVM networks, powered by Hyperbridge.
But it doesn’t end there, there’s always more…
America’s first state-issued stablecoin is here.
FRNT, formerly known as WYST, is now live on Avalanche and will soon be spendable through @raincards' Visa-integrated platform.
Programmable money is becoming real-world money. Here’s why it matters 🧵
Meet @wildmetaHQ 🦦🚀
We’re building Wildmeta — a mobile-first @HyperliquidX super app at Heima, powered by our own chain abstraction tech.
💡Want to be part of it early? Join the waitlist 👉https://t.co/3PW3mRTTSq
Trade perps, connect with pro traders, and track it all from your pocket — all on-chain and cross-chain.
#Wildmeta #Heima #Hyperliquid
🗺️ July 2025 Polkadot Roadmap 🗺️
New:
- NOMT -> 10x Performance, landing in 2026?
Releasing soon:
- Polkadot 2.0 - Elastic Scaling (August?)
- Polkadot Hub - developer and user onboarding platform (October?)
- Polkadot Pay - mobile app (August?)
Catalysts:
- Polkadot 2.0 Launch Party (September?)
- DOT ETFs (decision November)
- DOT Tokenomics 2.0
- Spammening
A huge thank you to our team, @DragonStake and @ssv_network for helping bring this vision to life. Stay tuned – more updates are coming soon!
Excited to announce the launch of our brand-new frontend for SSVScan – the explorer/indexer for the SSV network! check it out! https://t.co/kfgoJPhktT 🚀🔍
Visit https://t.co/kfgoJPhktT now and explore the new frontend! We’d love to hear your feedback as we continue to innovate. #SSVNetwork #SSVScan #FrontendDev #Web3
Whether you’re a validator, operator, or a curious user, the new SSVScan experience puts the power of SSV network data right at your fingertips
Key improvements include: • Responsive design for seamless browsing on any device
• New operator charts & visualizations for detailed performance insights
• Faster load times & smoother navigation
We’ve completely revamped the interface with a clean, modern design that makes it easier than ever to dive deep into SSV network insights in real time
Phala Network has reached a record market cap of about $350 million significantly surpassing the previous ATH, unlike the previous cycle, however, this time the technology for AI Agents is ready! 🔥
When do you think $PHA will be able to surpass the previous ATH of 1.39 usd? 👀
Last Seen Users on Sotwe
putri narapuspita🔥squirting pro 💦
Seen from Indonesia
تركي العتيبي
Seen from France
marco napoli
Seen from United Arab Emirates
Sazan Sarmalı
Seen from Turkey
Somali Slut
Seen from Sweden
シェリー
Seen from Japan
Kenneth Padilla
Seen from Puerto Rico
✨Magic Mia✨
Seen from Mexico
Sego Endog66
Seen from Indonesia
Samet
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.5M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers