Hyperliquid’s HyperDrive Defi Suffers $773,000 Exploit
The HyperDrive Defi protocol has fallen victim to an exploit, resulting in a loss of $773,000 from two accounts in its Treasury Bill Market. The stolen funds were divided between the BNB chain and Ethereum networks via bridge transfers. According to an analysis by Certik, the attacker stole approximately $672,934 in USDT and $110,244 in THBill tokens.
The incident has led to the immediate suspension of all money markets and withdrawals on the entire platform. The HyperDrive team has confirmed that the exploit was limited to the primary USDT0 market and the finance USDT market, and did not affect the native tokens of the protocol. The team has commissioned security and forensic experts to investigate the incident and is exploring compensation plans for affected users.
Second Major Exploit in 72 Hours
This incident marks the second major security breach against the Hyperliquid ecosystem within a span of 72 hours. Earlier, the Hypervault protocol was exploited, resulting in a loss of $3.6 million. The developer of Hypervault disappeared after deleting all social media accounts, leaving users with significant losses. The quick sequence of attacks has raised concerns about the security of projects built on the decentralized exchange platform.
The HyperDrive team has stated that they are aware of the issue and are working to resolve it. In a tweet, the team said, “We are aware of the latest issue affecting the HyperDrive protocol. At this point, we can confirm that the issue only affects two markets: the primary USDT0 market and the USDT finance market. An investigation is currently ongoing and we are working with security and forensic experts to resolve the issue.”
Exploit Methodology and Aftermath
The attacker exploited a critical vulnerability in the HyperDrive protocol’s router contract, allowing for arbitrary function calls and bypassing normal safety restrictions. The stolen funds were bridged to the BNB chain and Ethereum networks using the DeBridge protocol. The HyperDrive team has offered a 10% white hat reward to the exploiter in exchange for the return of the remaining funds.
The incident has led to a wider security review of the Hyperliquid ecosystem, with several projects on the platform increasing their security measures in response to the latest wave of exploits and rugs. The Hyperliquid ecosystem has faced several security incidents in the past, including the manipulation of the Jelly token, which resulted in a loss of $13.5 million. The recent exploits have raised concerns about the security of the ecosystem and the need for more robust measures to protect user funds.
Hyperliquid Ecosystem Under Siege
The Hyperliquid ecosystem is facing significant challenges, including increased competition from other decentralized exchange platforms. The Aster Dex platform has been gaining traction, with a daily futures volume of over $13 billion compared to Hyperliquid’s reduced activity. Additionally, Aster has integrated the Trust Wallet and enabled access to perpetual contracts for over 100 million users.
Despite the security challenges, Hyperliquid has launched its native USDH stablecoin, which has generated an early retail volume of $2.2 million. The platform has also activated the HYPE/USDH spot trade, with native markets setting up 200,000 HYPE tokens for three years. However, the recent exploits have raised concerns about the security and stability of the ecosystem, and the need for more robust measures to protect user funds.
For more information, please visit https://cryptonews.com/news/hyperliquids-hyperdrive-defi-loses-773k-in-account-compromise-funds-bridged-to-bnb-chain-and-ethereum/
