Hyperliquid’s Hyperdrive Defi Loses $773K In Account Compromise, Funds Bridged To Bnb Chain And Ethereum

What Happened

HyperDrive DeFi protocol has suffered a $773,000 exploit affecting two accounts in its Treasury Bill market, with stolen funds split between BNB Chain and Ethereum networks through bridge transfers.

Second Major Exploit Strikes Hyperliquid Ecosystem in 72 Hours

CertiK’s analysis revealed the attacker exploited an arbitrary call vulnerability in the router contract, stealing 672,934 USDT0 and 110,244 thBILL tokens.

The rapid succession of attacks raises concerns about the security posture of projects building on the decentralized exchange platform.

HyperDrive officials confirmed the exploit was limited to the Primary USDT0 Market and Treasury USDT Market, with no impact on the protocol’s native HYPED token.

The attacker repeatedly exploited a critical flaw in HyperDrive’s router contract that allowed arbitrary function calls, thereby bypassing normal security restrictions and draining user funds.

CertiK’s forensic analysis identified the specific vulnerability that enabled the systematic extraction of funds from the thBILL Treasury Market.

The exploit targeted accounts holding positions backed by Theo Network’s Treasury Bill tokens, which serve as collateral in HyperDrive’s lending markets.

HyperDrive’s team reached out to the exploiter on-chain, offering a 10% white-hat bounty in exchange for returning the remaining funds.

The protocol suspended all market operations and withdrawal functions to prevent additional malicious activity while investigating the full scope of the compromise.

The incident prompted broader security reviews across Hyperliquid’s ecosystem, as multiple projects building on the platform face increased scrutiny following the recent wave of exploits and rug pulls.

The HyperDrive exploit compounds pressure on Hyperliquid following the devastating HyperVault rug pull just 48 hours earlier, where developers vanished with $3.6 million after depositing stolen ETH into Tornado Cash.

Previous security incidents include the March JELLY token manipulation that cost Hyperliquid’s vault $13.5 million through artificial price pumping and leveraged position exploitation.

Market Context

The attack compromised positions using Theo Network’s thBILL as collateral, prompting immediate suspension of all money markets and withdrawals across the platform.

These attacks occur as ASTER DEX challenges Hyperliquid’s market dominance, processing over $13 billion in daily perpetual futures volume compared to Hyperliquid’s reduced activity.

Why It Matters

Notably, security experts have speculated that the attacker’s methodical approach suggests a high level of knowledge of the protocol’s internal mechanics and smart contract architecture.

Details

The stolen funds were bridged via the deBridge protocol, with approximately $494,000 moved to Ethereum and $279,000 to BNB Chain before being consolidated at a single address.

The incident marks the second major security breach targeting Hyperliquid’s ecosystem within three days, following the $3.6 million HyperVault rug pull, in which developers disappeared after deleting all their social media accounts.

The team has engaged security and forensics experts while exploring compensation plans for affected users.

Router Vulnerability Enables Systematic Fund Extraction

They noted the stolen funds were quickly moved off-chain through deBridge, a cross-chain protocol that facilitates asset transfers between different blockchain networks.

Hyperliquid Ecosystem Under Siege From Multiple Threats

The HyperVault scam ignored early community warnings about fabricated audit claims from respected firms.

The “ETH 50x Big Guy” trader similarly netted $1.8 million profit while causing $4 million in vault losses.