Hyperbridge has launched a public bug bounty program on HackenProof, offering rewards of up to $50,000 for critical vulnerabilities.
summary
- Hyperbridge is offering $50,000 bounties for critical bugs while researchers review cross-chain messages and the safety of the funds.
- The program follows a fake DOT exploit in April that exposed the risks of verifying evidence via Hyperbridge systems.
- HackenProof rules require proof-of-concept reports while prohibiting direct attacks and third-party exploit testing by researchers.
The program invites independent security researchers to review the protocol database and submit reports through the security platform.
HackenProof page Lists The Hyperbridge Protocol is live and active. He describes Hyperbridge as a system that allows blockchains to communicate and transfer assets through consensus and proofs of state, rather than older bridge models that rely on multi-signature committees.
The rewards cover the main bridge risks
Hyperbridge He said Rewards start at $200 for low-risk reports and rise to $2,000 to $5,000 for moderate results. High-risk bugs can earn between $5,000 and $15,000, while critical vulnerabilities can earn up to $50,000.
The scope covers the complete Hyperbridge protocol repository. The team said researchers can report logic flaws, access control issues, re-entry, cross-chain message spoofing, state tampering and any glitch that could affect the integrity of the message or box.
April exploit prompted security review
The program follows an April exploit in which an attacker minted nearly 1 billion DOT-equivalent counterfeit tokens on Ethereum through a cross-chain Hyperbridge gateway. Crypto news I mentioned The attacker gained administrative control through a forged cross-chain message and extracted approximately $237,000 from ether.
The same report said that the fake offer affected DOT’s bridged representation, while the original Polkadot network remained technically unaffected. It also linked the issue to broader bridge risks, where forged messages and weak verification processes remain common attack paths.
Additionally, Hyperbridge said testing should only be done on local forks. Direct infrastructure attacks, social engineering, and third-party exploits are outside the scope of the software.
The HackenProof page also requires proof-of-concept submissions and lists rules against service outages, access to personal data, spam, DDoS testing, and reports based solely on theory. She says researchers should stay within scope and avoid public disclosure without consent.
The cross-chain use case remains active
Hyperbridge had already been featured in crypto.news coverage before the exploit occurred. In May 2025, Enjin Blockchain user Hyperbridge on the testnet to support cross-chain stablecoin transfers including USDC, Ethereum’s USDT, and BNB Chain.
This previous setup showed why bridge security is important. Users lock tokens on one chain and receive an identical copy on another network. When proof checks fail, risk can move from a single contract to a broader system across the chain. The new reward puts Hyperbridge code under broader review as the protocol works to reduce frequent failures.
