Hi,
Us Hyperbridge hack victims have been communicating on Discord, and there are a couple of issues at hand:
- The losses are greater than claimed. Hyperbridge Twitter says $237k impacted, but the losses seem to be $2.5m+. Just with the few people I’ve talked to, the amount of losses already seem to exceed $237k. People have lost their life savings.
- Our requests for updates and transparency have been met with silence (besides their Discord mod, who is doing a great job but also does not know what’s going on with the team). We have not heard from the core team.
We’d like to ask for some assistance from the wider Polkadot ecosystem. What’s the best course of action here for the victims? Real people have lost real money.
1 Like
Thanks for posting this. I’m probably one of the most affected LPs and want to add to it.
From my perspective, Hyperbridge also exists in its current form because of the Web3 Foundation’s investment, the DAO’s native bridge designation, and a 795,000 DOT treasury campaign that explicitly recruited external LPs. The endorsements that brought users in came with responsibility. That responsibility is being tested right now, and the silence from W3F and the core ecosystem is being noted.
I provided into these pools because Hyperbridge was endorsed by the Web3 Foundation as their inaugural funding initiative, designated by the Polkadot DAO as the native bridge, and publicly described as the safest bridge in the ecosystem. The exploit was not a sophisticated cryptographic attack. It was a missing bounds check in HandlerV1 plus a challengePeriod set to zero. Failures any standard audit cycle should have caught. Some of us have lost complete savings and some what amounts to years of work.
What we’re asking for is not unreasonable:
-
A structured recovery framework. The exploit - as far as I know - was Ethereum-side only. Native assets backing legitimate bridged positions should still be locked on Polkadot. A new audited contract plus a pre-exploit snapshot enables 1:1 re-issuance to legitimate holders, with no Treasury spend.
-
The harder problem is the drained ETH/BNB/USDC counter-assets, which can be addressed through unspent DeFi Singularity allocation, a Polytope Labs accountability contribution from their remaining funding (they raised $5.65M and publicly stated 4-year runway), and a targeted Treasury proposal for any shortfall.
-
Financial support from W3F, Polytope Labs, Bifrost, and the broader governance community if necessary to repay the victims.
I kindly ask for your support how to address this and how to file a government proposal to financially support the victims in case Hyperbridge wont or cant compensate us victims.
Thank you