**[Updated Pre-Proposal Discussion] DOT Recovery Loan to Hyperbridge Exploit Victims**

@Hyperbridge @Web3Foundation @Parity @Polkadot - please consider this proposal!

All victims are very open to new ideas and other ways and mechanisms of recovery. If Hyperbridge does not involve in the idea proposed below and Web3 Foundation is not contacting Hyperbridge to work out a realistic and valuable solution to compensate the users, hack victims will prepare a government proposal to compensate the users total losses without Hyperbridge involvement.

On April 16, 2026, Drift Protocol announced a $147.5M recovery package (Tether plus partners) for their $295M exploit. That structure is a direct example of how an ecosystem can take responsibility for endorsed infrastructure.

Proposal:

A Repayable Recovery Loan for Hyperbridge Exploit Victims & Allocation of unused vDOT from Singularity Campaign to Victims

Summary

On April 13, 2026, Hyperbridge’s Token Gateway was exploited via a forged MMR proof (missing bounds check in HandlerV1, challengePeriod set to zero). Hyperbridge has confirmed $2.5M in total realized losses across Ethereum, Arbitrum, Base, and BNB Chain. LP losses in the DeFi Singularity pools are estimated at approximately $1.5-1.8M at the time of the exploit. All affected pools were part of the DeFi Singularity campaign (Referenda #1439), a 795,000 DOT treasury-funded initiative that actively recruited external LPs.

The DeFi Singularity campaign delivered only 336,593 vDOT in incentives during the first 6 months (Polkadot DeFi Singularity Report).

The original campaign allocation was 795,000 DOT, meaning approximately 40% of the allocation (~$600-800K at current prices) remains unspent.

Since the pools these incentives were intended for are now compromised, this unused allocation is a natural candidate for redirection toward LP recovery through governance action

Hyperbridge Is Polkadot Infrastructure

While there is no blame on Polkadot or the Web3 Foundation for the underlying engineering failure at Hyperbridge, it is important to recognize that Hyperbridge is not a third-party protocol that happened to build on Polkadot. The Web3 Foundation itself documents Hyperbridge as core Polkadot infrastructure on Hyperbridge Overview - Polkadot Wiki (Copyright Web3 Foundation). The Wiki describes Hyperbridge as providing “Full Node Security in cross-chain bridges” and guaranteeing “swift, secure, and reliable execution of all cryptographic operations.” W3F led Hyperbridge’s seed round as its inaugural funding initiative. W3F’s CEO publicly stated Hyperbridge “embodies the highest standards of security.” The DAO designated it as the native bridge and allocated 795,000 DOT to recruit LPs into its pools.

Why the Ecosystem Should Act

LPs responded to an official Polkadot DAO campaign. The ecosystem endorsed, funded, promoted, and documented this protocol. Not acting sets the precedent that “the ecosystem will spend Treasury funds to recruit your capital, endorse the product, document it as official infrastructure, and call it the highest standards of security, but if it fails you are on your own.” That precedent suppresses future DeFi participation for years.
Acting here is NOT a blanket bailout. It is specific to DAO-endorsed, treasury-funded campaigns where the ecosystem actively recruited the users who were harmed. That boundary is explicit.

The Proposal

Many affected LPs are also DOT holders who care deeply about the long-term health of the ecosystem. To be clear: this is not a failure of Polkadot. But ignoring Polkadot’s and Web3 Foundation’s involvement in Hyperbridge and its campaigns, along with the endorsements and promotion mentioned above, is not the right path forward either.

The proposal is not a request for a simple bailout. It is a structured risk management response that protects the ecosystem’s reputation, avoids direct sell pressure on DOT, and keeps liquidity aligned within Polkadot. We propose a recovery loan from the Polkadot Treasury (or Web3 Foundation) to the affected LPs, with LPs pledging their recovery claim to the Polkadot Treasury (or Web3 Foundation) and Hyperbridge/Polytope Labs assuming repayment obligation for the residual. All APY incentives received by LPs will be deducted from the Polkadot recovery loan amount.

Victims receive their recovery loan through linear 12 month vesting to avoid market impact, while the Treasury is fully protected through any recovered amount (eg locked on Binance) and Hyperbridge’s repayment commitment from multiple independent streams including unused vDOT from the Singularity campaign or other incentives.

How It Works (5 Steps)

• a. The Polkadot Treasury (or Web3 Foundation) provides a recovery loan in DOT directly to victims.
• b. The loan is paid directly to verified affected LPs, NOT to Hyperbridge. Distribution is linear over 12 months (1/12 monthly) to eliminate sell pressure.
• c. Claims are calculated as net loss only: capital deposited MINUS all earned vDOT rewards. Victims forfeit rewards against the recovery amount.
• d. Hyperbridge/Polytope Labs assumes repayment obligation to the Treasury through multiple independent streams: bridge fees from Intent Gateway (operational) and Token Gateway (post-relaunch), BRIDGE token treasury distributions (35% of total supply, already committed as residual backstop), outstanding vDOT rewards from the DeFi Singularity campaign, unspent Singularity allocation, Binance recovery proceeds.
• e. The Treasury gets its DOT back over time

Claim Calculation and Estimated Amount

• Net loss only: documented capital deposited minus all vDOT rewards earned during the campaign. Exact amount determined on the basis of a verified pre-exploit snapshot across all four affected chains.
• Preliminary estimate: $1.5-1.8M total LP losses before reward deduction. Actual Treasury loan may be significantly lower after final accounting. Exact figures specified before any formal referendum.
• Distribution to Victims: 12-Month Linear Vesting, 1/12 released monthly
• No sell pressure: At the upper estimate of $1.8M before deductions, maximum monthly distribution is only approximately $150K. DOT’s daily trading volume exceeds Millions across exchanges. DOT circulating supply is 2.2 billion. Zero systemic risk or sell pressure.

Repayment to Treasury

Repayment runs separately from victim distribution. Hyperbridge/Polytope Labs assumes the full repayment obligation from:

• a. Bridge fees from Intent Gateway (operational) and Token Gateway (post-audit relaunch)
• b. BRIDGE token treasury distributions (35% of total supply)
• c. Binance recovery proceeds (“a significant amount” as stated by Hyperbridge)
• d. Outstanding vDOT rewards from the DeFi Singularity campaign and other unspent DeFi Singularity campaign allocation to Hyperbridge and BiFrost
• On-chain repayment tracking. If recovery resolves quickly, repayment completes in months. If slower, bridge fee revenue and BRIDGE treasury distributions continue until fully repaid.

Hyperbridge in Numbers

• Over $400M cumulative processed volume (February 2026)
• 14 connected networks (Ethereum, Arbitrum, Base, BNB, Optimism, Polygon, others)
• Ranked 5th most active bridge by daily addresses on Token Terminal (November 2025)
• 59,000+ cross-chain messages processed
• Intent Gateway launched September 2025, continues operating normally

Preempting Common Objections

• “LPs accepted the risk when they participated.” LPs accepted market risks: impermanent loss, altcoin volatility, price depreciation. What they did not accept is engineering negligence in infrastructure W3F itself endorses and documents as core Polkadot infrastructure. A missing bounds check plus challengePeriod hardcoded to zero is not novel cryptographic failure. It is a basic implementation error any standard audit cycle should have caught.

• “The yields were high, no compensation warranted.” DeFi Singularity pools offered no more than 10-15% APR at the end, even before accounting for impermanent loss and altcoin price depreciation. After those factors, effective returns were significantly lower. The S&P 500 delivers 8-10% per year with zero effort, no IL, no smart contract exposure. Higher DeFi APR exists to compensate for Impermanent Loss and volatility, not for implementation failures in endorsed infrastructure. And in any case: All earned vDOT rewards are deducted from claims. Net loss only.

• “This sets a dangerous precedent for bailing out every hack.” The precedent is specific and narrow: when the DAO actively funds a campaign that recruits external users into endorsed infrastructure, and that infrastructure fails due to implementation negligence, the ecosystem responds. Unendorsed third-party exploits would not qualify. The opposite precedent, not acting, is worse: it tells future users they are on their own even after responding to DAO recruitment and infrastructure promotion and endorsement by Polkadot, Web 3 Foundation and its top level management and founders.

• “The Treasury should not cover application-layer losses.” Hyperbridge is not application-layer. It is documented as Polkadot infrastructure by W3F on its own Wiki, DAO-designated as native bridge, W3F inaugural funding initiative, and promoted with 795,000 DOT. Treating it as a random third-party app contradicts the ecosystem’s own documentation.

• The connection here is strong: Hyperbridge exists because of W3F seed funding, was DAO-designated as native bridge, and was promoted with a direct treasury allocation that recruited the harmed users.

• “Privatising the upside, socialising the downside.” Neither applies. Upside is not privatised: all earned vDOT rewards get deducted from recovery. Downside is not socialised: this is a repayable loan, not a grant. Temporary Treasury risk for reasons mentioned above, not permanent loss.

• “Trust issue with Hyperbridge, why give them more?” The loan goes directly to victims, not to Hyperbridge.

What This Does NOT Ask For

• No new DOT emission (compliant with March 2026 supply cap)
• No grant (repayable loan with on-chain tracking)
• No windfall (reward forfeiture, net loss only)
• No precedent for bailing out every hack
• No sell pressure (12-month linear vesting, ~$150K/month max vs Millions of daily DOT trading volume)

Next Steps

• a. Community discussion on this framework
• b. Await Hyperbridge post-mortem with final on-chain accounting
• c. Hyperbridge/Polytope Labs to formally accept repayment by using above mentioned income streams (we have asked the team to take ownership of this proposal; if they do not engage, the affected LP community will bring it forward)
• d. Web3 Foundation / Polkadot Treasury engagement as lead investor
• e. Bifrost engagement on outstanding vDOT distribution
• f. Formal OpenGov referendum once terms are agreed and figures confirmed

Closing
Technology without users is dead. Polkadot has world-class engineering, world-class validators, world-class consensus. What it needs now is users who trust that when they respond to an ecosystem-funded, ecosystem-endorsed campaign, the ecosystem stands with them when something fails. This proposal is cost-neutral if repayment works. It is a direct precedent for how a mature ecosystem handles crises. It is the response that protects Polkadot’s credibility for years to come.

This is a pre-proposal for discussion. We welcome feedback from anyone with OpenGov experience, from Polytope Labs and W3F directly, and from other affected LPs.

References: Hyperbridge Security Update (April 13) | Hyperbridge Recovery Update (April 16) | Drift/Tether Recovery Announcement (April 16) | Hyperbridge 2025 Recap | Polkadot Wiki: wiki.polkadot.com/learn/learn-hyperbridge (Copyright Web3 Foundation)

hi, thank you for coming forward with this idea.

I am not sure if voters will find it agreeable, but I think it is sophisticated enough to at least consider it and think it through.

Some hygiene questions:

• Are you associated with Hyperbridge?
• If not, have you reached out to the Hyperbridge team to discuss the idea with them?

Sorry you’re in this position. I’d like to hear directly from the Hyperbridge team on this, since it’s their responsibility to address, not the ecosystem or treasury. If there are known issues or weaknesses, they should acknowledge them and share a remediation plan. to trust or not to trust that is the question…

Hello team,

Thank you for sharing this proposal. I support finding a fair solution for the victims, but before supporting any Treasury involvement, I believe a few points need to be clarified in order to protect DOT holders.

First, we need a clear answer to this question: is the Treasury helping the victims, or indirectly bailing out Hyperbridge? If the Treasury provides funds upfront while repayment depends on Hyperbridge/Polytope Labs, then the risk is effectively being shifted from the project to DOT holders.

That is why the key question is: what is the legal repayment obligation of Hyperbridge/Polytope Labs? Will there be a binding legal structure, clear repayment commitments, and an enforceable mechanism if repayment does not happen as planned?

The proposal itself also notes that Web3 Foundation was an early backer, and that Polytope Labs still has venture backing and around four years of runway. In my view, if the goal is to protect DOT holders, the order of loss absorption should be: equity / insiders / token treasury / future fees / recovery proceeds before Treasury, rather than placing Treasury in a first-loss position.

If Treasury participation is still considered necessary, I think more cautious structures should be explored, for example:

- Treasury only provides a partial guarantee, instead of taking the full risk.

- Treasury provides a bridge loan with milestone-based disbursement, tied to clear conditions around asset recovery, internal/backer capital contributions, and repayment progress.

In short, I am not against supporting the victims, but the proposal should clearly demonstrate that Treasury is not being asked to take risk ahead of insiders and existing investors.

Best regards,

If Hyperbridge previously raised around $5.35M, the first question is where that risk buffer went. Why couldn’t the project absorb the loss using its own resources first, instead of immediately turning to the Polkadot Treasury?

Right now, this “loan” looks more like shifting application-layer losses onto the broader ecosystem. Without clear risk rules or repayment guarantees, this could easily set a precedent for implicit bailout expectations.

Supporting users is reasonable, but the boundary of responsibility still needs to be clearly defined.

Hi, another victim here.

Many of us have reached out to the Hyperbridge team but we are only met with responses from their Discord mod. We would love to engage with Hyperbridge team directly as well, but public forums like this seem to be the best way to indirectly communicate with them.

The official Hyperbridge recovery plan announced yesterday by the team Update on Recovery Efforts and Next Steps is simply as follows:

1. They will try to recover the funds from the hacker
2. If that’s not possible, they will allocate $BRIDGE to cover for the difference, one year from now.

That is to say.. in the likely case that the funds are not recovered, Hyperbridge/Polytope currently assumes no responsibility besides promising tokens that are currently unknown in value a year from now, putting victims in a perilous position.

Is anyone here able to get in contact with Hyperbridge directly? For the loan proposal to be viable, it would need a repayment commitment/guarantee from the Hyperbridge team.

Thank you for your message! No, I am not associated with Hyperbridge. I am an affected LP. Yes, I have reached out to Polytope Labs directly at ops@polytope.technology and asked them to take ownership of this proposal and submit it themselves as a formal governance proposal. I have also contacted the Web3 Foundation separately. If Hyperbridge engages and takes the lead on this, that is the preferred outcome. Only if they do not act would I, together with other affected LPs, bring this to a vote ourselves.

Participants in Hyperbridge weren’t passive victims. They were actively earning high APY from the DOT LP incentives, and they were fully aware — or at least should have been — of the risks involved, especially bridge risk, which is one of the most well-known weak points in DeFi.

You can’t take the rewards when things go well, and then expect the entire ecosystem to absorb the losses when things go wrong. That’s not user protection — that’s just risk externalization.

If this proposal is approved, it sets a dangerous precedent: any future DeFi exploit could easily turn into a Treasury bailout.

At a minimum, losses should be handled in this order:

• First, the protocol’s own reserves and team resources

• Then, the participants who willingly took on the risk

Otherwise, we’re not building a resilient system — we’re building an expectation of bailouts.

Thank you for raising these points. They deserve a direct response.

On the precedent concern: We understand why this is raised, and we want to address it carefully. The relevant distinction is whether the ecosystem actively recruited the users who were harmed. In this case, the DAO funded a 795,000 DOT campaign that specifically targeted external LPs to deposit into these exact pools. That is fundamentally different from a random third-party protocol exploit. The boundary should be explicit in any final proposal: ecosystem-endorsed, treasury-funded campaigns carry ecosystem accountability. Unendorsed products do not.

We would also note that not acting here sets its own precedent. It tells every future LP considering a Polkadot DeFi initiative: the ecosystem will spend Treasury funds to recruit your capital, but if the endorsed product fails, you absorb 100% of the loss. That message will suppress DeFi participation in Polkadot far more than a structured, repayable loan ever could.

On rewards: This is a fair concern. We will adjust the proposal so that all earned vDOT rewards are deducted from recovery claims. If an LP earned $5,000 in vDOT rewards over 8 months, their claim is reduced by $5,000. Net loss only. The Treasury should not cover losses that were already offset by yield.

On risk awareness: LPs accepted standard DeFi risks, absolutely. Impermanent loss, smart contract risk, market volatility. What they did not accept is a missing bounds check in a Solidity function combined with a challengePeriod set to zero. That is not “bridge risk” in the abstract. That is an implementation failure that any standard audit cycle should have caught. There is a meaningful difference between accepting market risk and being exposed to negligent engineering in a product the DAO itself designated as the native bridge.

On the loss absorption order: We fully agree, and the updated proposal already reflects this:

1. Polytope Labs / insider capital first
2. BRIDGE token treasury
3. Binance recovery + native DOT escrow + vDOT
4. Bridge fee revenue over time
5. Treasury loan only for the verified gap after 1-4

The Treasury is last in line, not first. And it is a loan that gets repaid, not a grant.

Thank you for the constructive feedback. These points are making the proposal stronger.

Thank you, these are important questions.

On the $5.35M: We do believe Polytope Labs should make a meaningful contribution as part of the recovery framework, proportional to what they can sustain without ceasing operations. The updated proposal reflects this: Polytope contributes what they can such as future bridging fees, BRIDGE token treasury, remaning vDOT and victims pledge Binance recovery of hacked funds.

On “shifting losses to the ecosystem”: This is a valid concern if the Treasury were providing a grant. It is not. This is a repayable loan with six identified repayment streams. If the framing is that any Treasury involvement equals a bailout, then by that logic the Treasury should never have funded the 795,000 DOT DeFi Singularity campaign that recruited these LPs in the first place. The ecosystem chose to actively bring these users in. The question is whether it also accepts a role in the resolution when the endorsed product fails.

On repayment guarantees: We welcome suggestions on how to strengthen enforcement. These details should be worked out with Hyperbridge and the community before any referendum is submitted.

On the boundary of responsibility: We fully agree this needs to be explicit. The proposed boundary is: ecosystem-endorsed, treasury-funded campaigns where the DAO actively recruited external users carry ecosystem accountability. Unendorsed third-party protocols do not. This is not a blanket precedent. It is a specific response to a specific set of facts.

Thank you for the empathy. We agree that primary responsibility sits with Hyperbridge, and we have asked their team directly to take ownership of this process and submit their own formal governance proposal. We hope they will.

The reason the ecosystem is part of this conversation is that these were not random third-party pools. They were created through the DeFi Singularity campaign (Referenda #1439), funded with 795,000 DOT from the Treasury, with Hyperbridge designated as the native bridge by the DAO. The ecosystem endorsed, funded, and promoted the product that failed. That does not shift the blame away from Hyperbridge’s engineering failure, but it does make the broader ecosystem a stakeholder in finding a resolution.

On trust: the proposed loan structure is specifically designed so that trust is not required. The Treasury lends, Hyperbridge has a binding repayment obligation through multiple streams, and the Treasury gets its DOT back but we deduct received vDOT returns since the campaign started. If Hyperbridge delivers, trust is rebuilt through action. If they don’t, the collateral streams provide fallback. That is “trust but verify” in practice.

I am also one of the users who suffered losses from the hack. What I want to say is:

• Besides those participating in the LP program, there are users who only bought or bridged DOT and left it passively, and they should be compensated similarly to the LPs.
• I know that from the beginning, the W3F invested in Hyperbridge, considering it a native bridge protocol. Polkadot’s fan page on X also promoted Hyperbridge, and even Gavin Wood praised Hyperbridge on his social media account. Without all these events, I would never have put my money in Hyperbridge. I’m certain that Parity and the W3F must bear some responsibility.
• The 12-month repayment period for $1.5M USD is impossible for Hyperbridge; it should be extended based on their actual profits.
• The majority of users who lost assets are loyal DOT holders; they certainly wouldn’t sell DOT if they were compensated. I myself suffered significant losses. If I didn’t believe in DOT’s vision, I would have sold it long ago instead of holding it until the current price of $1. If this issue isn’t resolved smoothly, Polkadot will suffer huge losses. No one will care about DOT’s technology or how good its vision is anymore.
• Hope we will find the way to resolve this significant issue.

Summary of Proposal Updates

Based on the constructive community feedback received, the following changes have been incorporated into the revised proposal:

• LP losses estimated at $1.5-1.8M, separate from the $2.5M headline which includes native DOT escrow drains unrelated to LP positions. Exact figures to be determined on the basis of a verified pre-exploit snapshot across all four chains.

• All earned vDOT rewards will be deducted from recovery claims. Net loss only, no windfall.

• Mechanism clarified: Treasury provides loan directly to victims over 12 months (1/12 monthly). Hyperbridge repays the Treasury separately over time through bridge fees, BRIDGE token treasury, Binance recovery, vDOT, and Polytope Labs contribution. Two independent processes.

Hyperbridge revenue capacity documented: $400M cumulative volume, 14 networks, Intent Gateway operational.

• At $1.8M upper estimate (before reward deduction), maximum monthly distribution is ~$150K, negligible against DOT’s $100M+ daily volume.

• We have asked the Hyperbridge team to take ownership and submit this as their own governance proposal. If they do not engage, the affected LP community will bring it forward.

Privatising the upside and socialising the downside – seems good lmao.

I’m all for trying to recover funds via law enforcement or whatever – more power to you. Or Hyperbridge trying to make people whole – but personally, I disagree with the Polkadot treasury bailing out people who were primarily using Hyperbridge to capitalize on high APYs.

When you use any bridge or DeFi product, you, the user, the one who signs the transactions, should be aware of the risks and accept some level of responsibility if it goes tits up.

I know people in this thread will disagree with me, of course.

Thanks but you have to consider the following:

On “privatising the upside”: We have updated the proposal so that all earned vDOT rewards are deducted from claims. Net loss only. Nobody is keeping yield and also asking for recovery. That concern is addressed.

On “socialising the downside”: This is a loan, not a bailout. The Treasury lends DOT to victims, Hyperbridge repays the Treasury over time through bridge fees, BRIDGE token treasury, Binance recovery, and other streams. If repayment works, the Treasury loses nothing. The downside is not socialised, it is temporarily fronted and then returned.

On user responsibility: LPs accepted DeFi risk. Impermanent loss, market volatility, smart contract risk. What they did not accept is a missing bounds check combined with a challengePeriod set to zero in the official DAO-designated native bridge, promoted through a 795,000 DOT treasury-funded campaign. There is a difference between “I signed a transaction on a random protocol” and “I responded to an official Polkadot DAO recruitment campaign into an ecosystem-endorsed product.” The ecosystem actively brought these users in.

If the position is that users should bear 100% of the loss when a DAO-endorsed, treasury-funded product fails due to negligent engineering, that is a coherent position. But it has consequences: no rational LP will participate in the next Polkadot DeFi campaign. That is a cost the ecosystem should weigh against a repayable loan.

I would argue that this is extremely optimistic, borderline unrealistic, that these funds will end up being recouped by the Polkadot treasury.

As per your comment above my initial one, it seems you are still waiting to hear back from the Hyperbridge/Polytope labs team – so the main form of recovery is the Hyperbridge treasury and repayments, which seem not to have been agreed upon by the team or their parachain’s token holders? – so I am very skeptical

Let’s see how the vote goes, I guess

Hello everyone!

I was one of the liquidity providers. My losses from the hack amount to tens of thousands. I ask you to read further and, if possible, draw conclusions based on the facts.

Before the incident, the majority of TVL in the pools (ETHDOT, ARBDOT, BASEDOT) was concentrated across 5-6 accounts. According to DeBank, the total value of assets on some addresses exceeded $1 million, with account creation dates going back a long time (1.5–2 years). That is, the funds in the pools were placed not by newcomers, but by people who understand and can take responsibility for the actual risks in DeFi.

Over the last 2–3 months, the pools did not show high yield. It was around 22–23%. But what is important is that the pools were perceived as a very reliable tool for several reasons:

1. The Polkadot DeFi Singularity campaign. Here, “Polkadot” is a brand. The official Polkadot channel on X confirmed the adoption of this program.

2. On the official website wiki.polkadot.com, there is a description of HyperBridge. Here are just some of the definitions:

   Hyperbridge (short for hyper-scalable bridge) is innovated as a cross-chain solution built as an interoperability coprocessor. Hyperbridge is crafted to scale cryptographically secure, consensus, and state-proof-based interoperability across all blockchains.
   …
   This capability enables the distribution of the validation workload for consensus, state proofs, and state transition re-execution across various designated cores. Hence, Polkadot is utilized by Hyperbridge as a verifiable computation layer to provide the “Full Node Security” in cross-chain bridges.
   …
   The Barretenberg backend: Within the realm of Hyperbridge, Barretenberg functions as a powerhouse engine, adeptly managing intricate mathematical computations. As the backend infrastructure, it guarantees the swift, secure, and reliable execution of all cryptographic operations within the Hyperbridge ecosystem.
   …
   The ultimate goal is to ensure a widespread and verifiable agreement among network participants, enhancing the security and reliability of the distributed ledger.

3. From the description of the Polkadot DeFi Singularity program, it follows that one of the main tasks was to attract liquidity to the ecosystem, improve brand recognition, and increase loyalty. To operate the liquidity pools, only one bridge option was proposed — HyperBridge, which was also mentioned many times on the official X account and was presented by the ecosystem as secure.

I (we) realize that investing (working with pools) carries risks. But in this particular case, based on the principle of reasonableness and fairness, it can be assumed that the ecosystem itself also bears responsibility for this incident.

From the program description: “Polkadot will significantly increase the utility, recognition, and adoption of DOT as a key asset in the Web3 ecosystem.” Link to the Google Docs file in https://polkadot.subsquare.io/referenda/1439

The HyperBridge hack can now be turned to the benefit of the Polkadot ecosystem. Technology without users is dead. There needs to be more “friendliness”, to be more open and fair to its users, to show loyalty.

Resolving incidents like this is precisely the best advertisement — with media coverage of it. Not a “sea of corpses” for the sake of creating perfect technology, where users are just consumables, and the HyperBridge problem is just an unfortunate misunderstanding.

I myself am a holder of the DOT token; I buy more on dips. It is hard to watch it “move south”.

I ask community members, delegates, and leaders to pay attention to this topic. If possible, take part in the discussion to reach a compromise solution that would allow the project not to lose its investment and reputational appeal, but at the same time not to bear losses for someone else’s risks.

After the Yearn Hack, Yearn immediately allocated unused OP rewards of the campaign to the hack victims.

The DeFi Singularity campaign delivered only 336,593 vDOT in incentives during the first 6 months ( Polkadot DeFi Singularity Report ).

The original campaign allocation was 795,000 DOT, meaning approximately 40% of the allocation (~$600-800K at current prices) remains unspent.

Since the pools these incentives were intended for are now compromised, this unused allocation is a natural candidate for redirection toward LP recovery through governance action

SatoshiPay (LSE-listed @BlueStarCapital portfolio company) just confirmed $250K exposure to the @hyperbridge exploit via official RNS statement.

They state they are “engaging with the relevant counterparties and ecosystem participants” and in “ongoing discussions aimed at achieving an appropriate resolution for affected liquidity providers.” Good to hear there are active discussions with the ecosystem.

We sincerely hope any resolution reached includes ALL affected LPs - not just SatoshiPay. Retail and institutional LPs who responded to the same DAO-funded DeFi Singularity campaign (795K DOT) deserve the same path to recovery.

This is a reply to calls for comments made on Subsquare.

and

First and foremost, sorry for the damage caused to all Hyperbridge’s LPs. Hacks and losses like these reduce financial pain and loss to numbers, news, statistics and influencers posts something that is not optimal to measure the financial and reputational damage caused by such events. Being in Crypto for as long, witnessing Euler’s exploit first row, helps understand it from all the perspectives.

Second, Saxemberg is no longer a W3F delegate of their stake and it’s not fulfilling any role with or within the W3F directly or its stake following this announcement.

https://medium.com/web3foundation/decentralized-voices-closing-this-chapter-carrying-the-lessons-forward-e10d3a46a7b6

So this comes as company with Hyperbridge collators and rekt LP Hyperbridge provision. You won’t see a bailout from Polkadot to Hyperbridge LPs because there is no systemic risk which simply means the main entities in the network and not affected or not that affected. Ethereum is scrambling to save AAVE because its close connection to Ethereum’s founders’ funds, means of production and future income. Circle already realized that and others are doing it too.

Even in the event of one (according to Polytope’s last post, any hole will be filled with BRIDGE tokens starting from 2027 ), you first need to ask for clarification to Hyperbridge about the amounts held in their control and the amount of bad debt like the DOT from LPs that was arbitraged out of their possession (we should know about that when the 15 day period expires, right?), the amount held by exchanges vs the one that was already considered gone (Tornado’d, etc). That is the job of Hyperbridge / Polytope Labs and partners who have not been able to provide any concrete answers of amounts or timelines. With that information it’d be easier to estimate real losses, potential haircuts to LPs and potential real recovery because as many already understand, everything that entered Tornado or similar is already gone and claiming that law enforcement is working on recovery of Tornado’d funds would be wishful thinking that has almost never happened even if they were “caught in 4K”. All that can be realistically recovered are tokens that went though an exchange. So unless Polytope comes with a real picture in a timely manner most if not all of these ideas are moot and will be likely voted against completely if a Polkadot referendum were to be launched.

So hopefully a real picture of losses and potential recovery plus tokens given through the DeFi singularity campaign could be used to cover the bad debt by now. Just like Yearn did with OP. And that in theory shouldn’t need a vote anywhere as those ref 1439 funds are available and there is no reason not to disburse those tokens to affected parties. But again that should come through communication from Polytope who hasn’t confirmed that yet. Honestly, that could happen much sooner, even if the 2.5M figure remains fully unrecovered the funds for 1439 should be disbursed as soon as possible to the distressed LPs which should cover more or less 30-32% of their position.

In any event, hopefully new meaningful communication shows up from the team with real timelines and figures in order to plan ahead significantly.