HyperDrive DeFi protocol recently fell victim to a major exploit, losing $773,000 in funds from two accounts in its Treasury Bill market. The stolen funds were split between the BNB Chain and Ethereum networks through bridge transfers, causing immediate suspension of all money markets and withdrawals on the platform.
According to CertiK’s analysis, the attacker took advantage of an arbitrary call vulnerability in the router contract to steal 672,934 USDT0 and 110,244 thBILL tokens. The funds were then moved to Ethereum and BNB Chain via the deBridge protocol before being consolidated at a single address.
This incident marks the second security breach targeting Hyperliquid’s ecosystem within a span of three days, following the $3.6 million HyperVault rug pull where developers disappeared after deleting their social media accounts. The series of attacks has raised concerns about the security of projects built on the decentralized exchange platform.
HyperDrive officials confirmed that the exploit only affected the Primary USDT0 Market and Treasury USDT Market, with no impact on the protocol’s native HYPED token. The team is currently working with security experts and forensics teams to investigate the breach and explore compensation plans for affected users.
The exploit was made possible by a critical flaw in HyperDrive’s router contract, allowing the attacker to bypass security restrictions and drain user funds. The stolen funds were quickly moved off-chain through deBridge, indicating a high level of knowledge about the protocol’s internal workings.
HyperDrive’s team reached out to the exploiter on-chain, offering a white-hat bounty in exchange for returning the remaining funds. All market operations and withdrawal functions have been suspended as the investigation continues to prevent further malicious activity.
The incident has prompted a wider security review across Hyperliquid’s ecosystem, as other projects on the platform face increased scrutiny following the recent exploits and rug pulls.
The HyperDrive exploit comes on the heels of the HyperVault rug pull and other security incidents within the Hyperliquid ecosystem. Despite these challenges, Hyperliquid launched its native USDH stablecoin and activated HYPE/USDH spot trading, showcasing continued development and growth within the platform.
As the platform faces security challenges and competition from other decentralized exchanges, stakeholders are closely monitoring the situation to ensure the safety and integrity of the Hyperliquid ecosystem.