Research
On-chain forensic case studies and vulnerability analysis.
Our Standard
Every investigation published here is the product of HubSec's own forensic tools — not a synthesis of external sources, not a recap of public reporting. If we didn't trace it on-chain ourselves, we don't publish it.
This means fewer publications, but every one carries direct evidentiary weight: transaction-level tracing, fund flow reconstruction, and cluster attribution derived from our own analysis. Quality over volume.
Published
- Critical | Independent Investigation | April 17, 2026
Hyperbridge Token Gateway Exploit: Second Attacker Investigation
A separate attacker in the same Hyperbridge ISMP gateway exploit siphoned 245.93 WETH ($573,000) directly from the Token Gateway contract using two self-destructing exploit contracts, distributed the proceeds across 15 burner wallets in equal 16.39 ETH batches, and sent everything to Tornado Cash. This attacker struck 53 minutes before the DOT-minting attack covered in the first investigation.
- Critical | Independent Investigation | April 17, 2026
Hyperbridge Token Gateway Exploit: Independent On-Chain Investigation
On April 13, 2026, at 03:55:23 UTC, an attacker exploited four compounding vulnerabilities in the Hyperbridge ISMP gateway on Ethereum. The attacker forged a cross-chain proof, hijacked admin privileges on Hyperbridge's bridged DOT token contract, minted one billion unbacked DOT tokens, and swapped them for 108.2 ETH through decentralized exchanges.
Each report includes a SHA-256 content hash and a detached PGP signature for independent verification.