{"id":73095,"date":"2026-04-17T09:22:08","date_gmt":"2026-04-17T02:22:08","guid":{"rendered":"https:\/\/hbbgroup.net\/polkadot-ethereum-bridge-hack-losses-were-10x-worse-than-reported-team-admits\/"},"modified":"2026-04-17T09:43:30","modified_gmt":"2026-04-17T02:43:30","slug":"polkadot-ethereum-bridge-hack-losses-were-10x-worse-than-reported-team-admits","status":"publish","type":"post","link":"https:\/\/hbbgroup.net\/vi\/polkadot-ethereum-bridge-hack-losses-were-10x-worse-than-reported-team-admits\/","title":{"rendered":"Polkadot\u2013Ethereum bridge b\u1ecb hack g\u00e2y thi\u1ec7t h\u1ea1i g\u1ea5p 10 l\u1ea7n so v\u1edbi b\u00e1o c\u00e1o ban \u0111\u1ea7u, \u0111\u1ed9i ng\u0169 th\u1eeba nh\u1eadn"},"content":{"rendered":"<div>\n<p><strong>T\u00f3m t\u1eaft nhanh<\/strong><\/p>\n<ul>\n<li>V\u1ee5 exploit c\u1ee7a Hyperbridge nghi\u00eam tr\u1ecdng h\u01a1n kho\u1ea3ng 10 l\u1ea7n so v\u1edbi \u01b0\u1edbc t\u00ednh ban \u0111\u1ea7u, v\u1edbi thi\u1ec7t h\u1ea1i hi\u1ec7n kho\u1ea3ng $2.5 tri\u1ec7u.<\/li>\n<li>Giao th\u1ee9c tr\u01b0\u1edbc \u0111\u00f3 b\u00e1o c\u00e1o ch\u1ec9 kho\u1ea3ng $237,000 b\u1ecb khai th\u00e1c.<\/li>\n<li>Ph\u1ea7n l\u1edbn t\u00e0i s\u1ea3n b\u1ecb \u0111\u00e1nh c\u1eafp \u0111\u00e3 \u0111\u01b0\u1ee3c truy v\u1ebft, v\u00e0 \u0111\u1ed9i ng\u0169 \u0111ang ph\u1ed1i h\u1ee3p v\u1edbi c\u01a1 quan ch\u1ee9c n\u0103ng \u0111\u1ec3 \u0111\u00f3ng b\u0103ng v\u00e0 thu h\u1ed3i.<\/li>\n<\/ul>\n<p>V\u1ee5 exploit d\u1eabn \u0111\u1ebfn vi\u1ec7c mint 1 t\u1ef7 token wrapped Polkadot \u0111\u1ea7u tu\u1ea7n n\u00e0y th\u1ef1c t\u1ebf nghi\u00eam tr\u1ecdng h\u01a1n nhi\u1ec1u so v\u1edbi b\u00e1o c\u00e1o ban \u0111\u1ea7u, theo \u0111\u1ed9i ng\u0169 \u0111\u1ee9ng sau Hyperbridge.<\/p>\n<p>Nh\u1eefng g\u00ec ban \u0111\u1ea7u \u0111\u01b0\u1ee3c cho l\u00e0 ch\u1ec9 g\u00e2y thi\u1ec7t h\u1ea1i $237,000 li\u00ean quan \u0111\u1ebfn bridge gi\u1eefa Polkadot v\u00e0 Ethereum th\u1ef1c ch\u1ea5t \u0111\u00e3 l\u00ean t\u1edbi g\u1ea7n $2.5 tri\u1ec7u\u2014t\u0103ng h\u01a1n 10 l\u1ea7n so v\u1edbi \u01b0\u1edbc t\u00ednh ban \u0111\u1ea7u.<\/p>\n<p>\u201cAttacker \u0111\u00e3 khai th\u00e1c m\u1ed9t l\u1ed7 h\u1ed5ng trong logic x\u00e1c minh proof Merkle Mountain Range (MMR), cho ph\u00e9p \u0111\u1ed1i t\u01b0\u1ee3ng mint t\u00e0i s\u1ea3n v\u00e0 r\u00fat c\u1ea1n c\u00e1c t\u00e0i s\u1ea3n b\u1ecb kh\u00f3a trong escrow tr\u00ean Token Gateway,\u201d \u0111\u1ed9i ng\u0169 cho bi\u1ebft trong b\u00e1o c\u00e1o postmortem v\u00e0o th\u1ee9 N\u0103m.<\/p>\n<\/div>\n<div>\n<blockquote><p>K\u1ebb t\u1ea5n c\u00f4ng \u0111\u00e3 r\u00fat kho\u1ea3ng 245 Ethereum t\u1eeb m\u1ed9t h\u1ee3p \u0111\u1ed3ng TokenGateway li\u00ean quan.<\/p>\n<p>Kho\u1ea3ng m\u1ed9t gi\u1edd sau, m\u1ed9t th\u00f4ng \u0111i\u1ec7p cross-chain gi\u1ea3 m\u1ea1o \u0111\u00e3 v\u01b0\u1ee3t qua c\u01a1 ch\u1ebf x\u00e1c minh MMR proof, cho ph\u00e9p attacker mint 1 t\u1ef7 token DOT \u0111\u01b0\u1ee3c bridge t\u1eeb Polkadot v\u00e0 x\u1ea3 ch\u00fang v\u00e0o th\u1ecb tr\u01b0\u1eddng thanh kho\u1ea3n m\u1ecfng.<\/p>\n<p>\u2014 Hyperbridge (@hyperbridge) <a href=\"https:\/\/twitter.com\/hyperbridge\/status\/2044750866284966062?ref_src=twsrc%5Etfw\" data-wpel-link=\"internal\">April 16, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<p>\u201c\u01af\u1edbc t\u00ednh ban \u0111\u1ea7u m\u00e0 ch\u00fang t\u00f4i c\u00f4ng b\u1ed1 v\u1ec1 thi\u1ec7t h\u1ea1i th\u1ef1c t\u1ebf l\u00e0 kho\u1ea3ng $237,000, d\u1ef1a tr\u00ean l\u01b0\u1ee3ng DOT bridge b\u1ecb b\u00e1n ra c\u00f3 th\u1ec3 quan s\u00e1t ngay tr\u00ean Ethereum,\u201d \u0111\u1ed9i ng\u0169 cho bi\u1ebft. \u201cCon s\u1ed1 \u0111\u00f3 kh\u00f4ng ph\u1ea3n \u00e1nh \u0111\u1ea7y \u0111\u1ee7 to\u00e0n b\u1ed9 s\u1ef1 vi\u1ec7c, nh\u01b0 ch\u00fang t\u00f4i \u0111\u00e3 ph\u00e1t hi\u1ec7n sau \u0111\u00f3.\u201d<\/p>\n<p>Ngo\u00e0i kho\u1ea3n l\u1ed7 $237,000 c\u00f3 th\u1ec3 quan s\u00e1t, m\u1ed9t smart contract \u0111\u00e3 b\u1ecb exploit \u0111\u1ec3 r\u00fat 245 ETH (kho\u1ea3ng $561,000) ch\u1ec9 v\u00e0i gi\u1edd tr\u01b0\u1edbc khi di\u1ec5n ra vi\u1ec7c mint token DOT \u0111\u1ed9c h\u1ea1i. B\u00ean c\u1ea1nh \u0111\u00f3, ba blockchain li\u00ean quan g\u1ed3m Base, Arbitrum v\u00e0 BNB Chain c\u0169ng b\u1ecb \u1ea3nh h\u01b0\u1edfng, tr\u00e1i ng\u01b0\u1ee3c v\u1edbi b\u00e1o c\u00e1o ban \u0111\u1ea7u r\u1eb1ng ch\u1ec9 wrapped DOT tr\u00ean Ethereum b\u1ecb t\u00e1c \u0111\u1ed9ng.<\/p>\n<p>\u201cSau khi \u0111\u1ed1i so\u00e1t ho\u1ea1t \u0111\u1ed9ng c\u1ee7a attacker tr\u00ean c\u1ea3 b\u1ed1n chain, b\u1ea3n ch\u1ea5t hai giai \u0111o\u1ea1n c\u1ee7a cu\u1ed9c t\u1ea5n c\u00f4ng v\u00e0 c\u00e1c kho\u1ea3n l\u1ed7 t\u1eeb c\u00e1c incentive pool li\u00ean quan, t\u1ed5ng thi\u1ec7t h\u1ea1i th\u1ef1c t\u1ebf \u0111\u01b0\u1ee3c \u0111i\u1ec1u ch\u1ec9nh l\u00ean kho\u1ea3ng $2.5 tri\u1ec7u, t\u00ednh theo ETH v\u00e0 Polkadot t\u1ea1i th\u1eddi \u0111i\u1ec3m exploit,\u201d \u0111\u1ed9i ng\u0169 cho bi\u1ebft.<\/p>\n<p>S\u1ed1 t\u00e0i s\u1ea3n b\u1ecb \u0111\u00e1nh c\u1eafp \u0111\u00e3 \u0111\u01b0\u1ee3c truy v\u1ebft \u0111\u1ebfn m\u1ed9t \u0111\u1ecba ch\u1ec9 n\u1ea1p ti\u1ec1n tr\u00ean Binance, v\u00e0 d\u1ef1 \u00e1n \u0111\u00e3 l\u00e0m vi\u1ec7c v\u1edbi \u0111\u1ed9i ng\u0169 compliance c\u1ee7a s\u00e0n c\u00f9ng c\u01a1 quan th\u1ef1c thi ph\u00e1p lu\u1eadt \u0111\u1ec3 \u0111\u00f3ng b\u0103ng v\u00e0 thu h\u1ed3i t\u00e0i s\u1ea3n\u2014tuy nhi\u00ean kh\u00f4ng k\u1ef3 v\u1ecdng c\u00f3 k\u1ebft qu\u1ea3 s\u1edbm.<\/p>\n<p>\u201cCh\u00fang t\u00f4i \u0111ang t\u1eadn d\u1ee5ng m\u1ecdi k\u00eanh c\u00f3 th\u1ec3, nh\u01b0ng th\u1eddi gian th\u1ef1c t\u1ebf \u0111\u1ec3 thu h\u1ed3i trong c\u00e1c tr\u01b0\u1eddng h\u1ee3p nh\u01b0 v\u1eady th\u01b0\u1eddng k\u00e9o d\u00e0i nhi\u1ec1u th\u00e1ng, th\u1eadm ch\u00ed c\u00f3 th\u1ec3 l\u00ean t\u1edbi m\u1ed9t n\u0103m,\u201d \u0111\u1ed9i ng\u0169 cho bi\u1ebft th\u00eam.<\/p>\n<p>D\u00f9 m\u1ee5c ti\u00eau l\u00e0 ho\u00e0n tr\u1ea3 \u0111\u1ea7y \u0111\u1ee7 cho ng\u01b0\u1eddi d\u00f9ng b\u1ecb \u1ea3nh h\u01b0\u1edfng, giao th\u1ee9c cho bi\u1ebft h\u1ecd \u201ccam k\u1ebft ph\u00e2n b\u1ed5 token BRIDGE theo c\u1ea5u tr\u00fac \u0111\u1ec3 b\u00f9 \u0111\u1eafp ph\u1ea7n thi\u1ec7t h\u1ea1i c\u00f2n l\u1ea1i\u201d n\u1ebfu kh\u00f4ng th\u1ec3 thu h\u1ed3i t\u00e0i s\u1ea3n.<\/p>\n<p>Tuy nhi\u00ean, token BRIDGE\u2014native token c\u1ee7a giao th\u1ee9c\u2014c\u00f3 thanh kho\u1ea3n r\u1ea5t th\u1ea5p, v\u1edbi kh\u1ed1i l\u01b0\u1ee3ng giao d\u1ecbch ch\u1ec9 kho\u1ea3ng $1,800 trong 24 gi\u1edd khi \u0111\u01b0\u1ee3c giao d\u1ecbch quanh m\u1ee9c $0.006 v\u00e0o ng\u00e0y 29\/3, theo d\u1eef li\u1ec7u t\u1eeb CoinGecko. \u1ede m\u1ee9c gi\u00e1 n\u00e0y, v\u1ed1n h\u00f3a th\u1ecb tr\u01b0\u1eddng c\u1ee7a token ch\u1ec9 kho\u1ea3ng $858,000, t\u01b0\u01a1ng \u0111\u01b0\u01a1ng kho\u1ea3ng 1\/3 t\u1ed5ng thi\u1ec7t h\u1ea1i t\u1eeb v\u1ee5 exploit.<\/p>\n<p>Ch\u1ee9c n\u0103ng bridge tr\u00ean c\u1ea3 b\u1ed1n blockchain hi\u1ec7n v\u1eabn \u0111ang b\u1ecb t\u1ea1m d\u1eebng v\u00e0 ch\u1ec9 \u0111\u01b0\u1ee3c kh\u00f4i ph\u1ee5c sau khi b\u1ea3n v\u00e1 \u0111\u01b0\u1ee3c tri\u1ec3n khai v\u00e0 audit ho\u00e0n t\u1ea5t.<\/p>\n<p>\u201c\u0110i\u1ec1u n\u00e0y kh\u00f4ng l\u00e0m thay \u0111\u1ed5i ni\u1ec1m tin c\u1ee7a ch\u00fang t\u00f4i r\u1eb1ng kh\u1ea3 n\u0103ng t\u01b0\u01a1ng t\u00e1c cross-chain ch\u1ec9 an to\u00e0n khi d\u1ef1a tr\u00ean c\u00e1c b\u1eb1ng ch\u1ee9ng m\u1eadt m\u00e3,\u201d \u0111\u1ed9i ng\u0169 d\u1ef1 \u00e1n vi\u1ebft.<\/p>\n<p>\u201c\u0110i\u1ec1u m\u00e0 v\u1ee5 exploit n\u00e0y \u0111\u00e3 ch\u1ec9 ra\u2014v\u1edbi chi ph\u00ed \u0111\u1eaft gi\u00e1\u2014l\u00e0 logic x\u00e1c minh c\u1ea7n \u0111\u01b0\u1ee3c audit th\u01b0\u1eddng xuy\u00ean h\u01a1n v\u00e0 ki\u1ec3m th\u1eed \u0111\u1ed1i kh\u00e1ng \u1edf m\u1ecdi t\u1ea7ng trong h\u1ec7 th\u1ed1ng,\u201d h\u1ecd nh\u1ea5n m\u1ea1nh. \u201c\u0110\u00f3 s\u1ebd l\u00e0 ti\u00eau chu\u1ea9n m\u00e0 Token Gateway \u00e1p d\u1ee5ng trong th\u1eddi gian t\u1edbi.\u201d<\/p>\n<h2><strong>B\u1ea3n tin h\u00e0ng ng\u00e0y<\/strong><\/h2>\n<p>B\u1eaft \u0111\u1ea7u m\u1ed7i ng\u00e0y v\u1edbi nh\u1eefng tin t\u1ee9c n\u1ed5i b\u1eadt nh\u1ea5t, c\u00f9ng n\u1ed9i dung \u0111\u1ed9c quy\u1ec1n, podcast, video v\u00e0 nhi\u1ec1u h\u01a1n n\u1eefa.<\/p>","protected":false},"excerpt":{"rendered":"<p>T\u00f3m t\u1eaft nhanh V\u1ee5 exploit c\u1ee7a Hyperbridge nghi\u00eam tr\u1ecdng h\u01a1n kho\u1ea3ng 10 l\u1ea7n so v\u1edbi \u01b0\u1edbc t\u00ednh ban \u0111\u1ea7u, v\u1edbi [&hellip;]<\/p>","protected":false},"author":5,"featured_media":73096,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[220],"tags":[],"class_list":["post-73095","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tien-dien-tu"],"acf":[],"_links":{"self":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts\/73095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/comments?post=73095"}],"version-history":[{"count":1,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts\/73095\/revisions"}],"predecessor-version":[{"id":73177,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/posts\/73095\/revisions\/73177"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/media\/73096"}],"wp:attachment":[{"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/media?parent=73095"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/categories?post=73095"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hbbgroup.net\/vi\/wp-json\/wp\/v2\/tags?post=73095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}