Hyperdrive, a DeFi yield approach protocol built on the Hyperliquid ecosystem, has confirmed that two user pockets positions in its Treasury Market bought compromised in a digital heist that ended in an estimated $700,000 in losses.
In what’s being publicized as a precautionary measure, Hyperdrive has taken to X to uncover it has paused all money markets across the platform while it continues its investigations. In the period in-between, the crew has emphasised that there might be now not any such thing as a vulnerability in the thBILL asset itself, and the venture would now not affect the $HYPED token.
Hyperdrive moves to quiet exploit rumors
In step with posts on X, the exploit is being linked to a flaw in Hyperdrive’s operator permission system. Users had reportedly designated the protocol’s Router as an operator, permitting it gargantuan entry to name any whitelisted contract—including the Market contract.
Attackers took motivate of this by invoking the Router to set out arbitrary calls. This gave them entry that they extinct to manipulate and someway drain the affected positions.
The incident comes now not lengthy after the $3.6 million rug pull by HyperVault, yet one other Hyperliquid-essentially based yield protocol, which took plot on September 26, 2025.
The irony of the assaults is now not lost on crypto natives who’re looking out at keenly and like pointed out how there appears to be an ongoing marketing campaign concentrated on the Hyperliquid ecosystem.
This year by myself, the set has persisted a string of security disorders, including earlier exploits love the March JELLYJELLY manipulation and the August XPL assault. The assaults like hit neighborhood sentiment, reasonably “dampening” Hyperliquid’s hype.
Hyperdrive heist comes ultimately after HyperVault exploit
On September 26, blockchain security agency PeckShield flagged weird and wonderful outflows of about $3.6 million from the decentralized finance platform Hypervault, being bridged from Hyperliquid to Ethereum.
After bridging, the funds had been swapped into ETH, and approximately 752 ETH, value almost $3 million, used to be deposited into Twister Cash, a classic mark of crypto rug pulls.
In step with Hypervault’s web page and documentation, it is accountable for the promotion of “unmanaged” auto-compounding vaults, keeper-bot harvests, and approach adapters that route property to lending, looping, and concentrated liquidity venues on HyperEVM.
It generated income by deploying user deposits across external venues by using modular suggestions.
The project’s X account has now been deleted, and the authentic web page stays inaccessible, raising suspicions of an exit scam.
On X, there might be soundless a complete lot of confusion and speculation from whales and standard customers who’re facing losses and inquiring about any possibility of restoration.
