The Hyperbridge contract encountered an MMR proof replay vulnerability, resulting in a loss of approximately $242,000

According to monitoring by BlockSec, the HandlerV1 contract managed by Hyperbridge has a Merkle Mountain Range (MMR) proof replay vulnerability on the Ethereum network, resulting in a loss of approximately $242,000. The vulnerability arises from the proof not being bound to the request, allowing attackers to replay historically valid proofs and combine them with new forged requests to perform actions such as changing administrator permissions.

In a specific case, the attacker changed the administrator of the Polkadot (DOT) Token and then exploited the permissions to mint additional DOT for profit. Related attack transactions have been observed, including changing the administrator and minting of DOT Token (loss of approximately $237,400), changing the administrator and minting of ARGN Token (loss of approximately $3,800), and host withdrawals, among others.

Previously, it was reported that the Hyperbridge gateway contract was attacked, resulting in the minting and dumping of 1 billion DOT on Ethereum.