An exploit targeting Hyperliquid’s HyperDrive DeFi router contract resulted in the theft of approximately $773,000 from two accounts in the protocol’s Treasury Bill market. The attacker leveraged an arbitrary call vulnerability to bypass security restrictions, draining collateralized positions and enabling systematic extraction of funds. The stolen assets, comprising 288.37 BNB and 123.6 ETH, were bridged to BNB Chain and Ethereum through the deBridge protocol.
The incident marks the second major security breach within Hyperliquid’s ecosystem in 72 hours, following a $3.6 million rug pull on the HyperVault platform. CertiK’s forensic analysis identified the root cause as a flaw in the router contract, which allowed unauthorized execution of internal functions. Positions in the Primary USDT0 and Treasury USDT markets were compromised before operations were paused.
HyperDrive officials confirmed that the native HYPED token and other markets remained unaffected. The team engaged blockchain security and forensics experts to investigate the full scope of the breach and consider compensation plans for affected users. A 10% white-hat bounty was offered on-chain to incentivize the return of remaining funds.
Following the exploit, Hyperliquid’s broader ecosystem underwent security reviews, and multiple projects on the platform paused operations to assess vulnerabilities. Observers noted the attacker’s methodical approach, suggesting deep familiarity with the protocol’s architecture. The rapid succession of security incidents has drawn attention to the need for enhanced auditing standards and on-chain risk controls in DeFi governance.
This exploit highlights persistent threats in decentralized finance and underscores the importance of rigorous smart contract validation. Industry participants are urged to adopt multi-layer security measures, including formal verification, continuous monitoring and on-chain bounty programs to safeguard user funds and maintain protocol integrity.
Comments (0)