The HyperDrive DeFi system was hacked, resulting in a loss of $773,000 from two accounts in its Treasury Bill market. The stolen money was divided and moved between the BNB Chain and Ethereum networks.
The attack used Theo Network’s thBILL as security, leading to an immediate halt of all money markets and withdrawals on the platform.
Big Hack Hits Hyperliquid System Twice in 72 Hours
CertiK found that the attacker took advantage of a weakness in the router contract, stealing 672,934 USDT and 110,244 thBILL tokens.
The stolen money was transferred using the deBridge system. About $494,000 went to Ethereum and $279,000 went to BNB Chain before it was all combined into one account.
This is the second big security problem for Hyperliquid in just three days. The first was when $3. 6 million went missing from HyperVault, and the developers vanished after deleting all their social media.
The quick series of attacks makes people worried about how safe the projects are that are using the decentralized exchange platform.
HyperDrive officials said that the issue only affected the Primary USDT0 Market and Treasury USDT Market. The main HYPED token was not affected.
The team has hired security and investigation experts and is looking for ways to compensate the users who were affected.
Router Weakness Allows for Stealing Money Systematically
The attacker used a serious weakness in HyperDrive’s router contract multiple times. This weakness let them make any function calls they wanted, getting around regular security measures and stealing users’ money.
CertiK’s investigation found the exact weakness that allowed money to be taken from the thBILL Treasury Market regularly.
The attack focused on accounts that had assets supported by Theo Network’s Treasury Bill tokens, which are used as security in HyperDrive’s lending system.
Security experts believe that the way the attacker acted shows they know a lot about how the system works and how the smart contracts are set up.
They observed that the stolen money was quickly transferred off the blockchain using deBridge, a tool that helps move assets between different blockchain networks.
The HyperDrive team contacted the person who took the money on the blockchain, offering a reward of 10% if they return the rest of the funds.
The protocol stopped all market activities and withdrawal features to stop further bad actions while they looked into the extent of the problem.
The event led to a wider look at security throughout Hyperliquid’s system, as many projects using the platform are now being watched more closely after recent cases of theft and fraud.
Hyperliquid Ecosystem Facing Many Risks
The HyperDrive exploit adds more pressure on Hyperliquid after a serious problem with HyperVault just two days before. In that incident, the developers disappeared with $3. 6 million after putting stolen ETH into Tornado Cash.
The HyperVault scam didn’t listen to early warnings from the community about fake audit claims from trusted companies.
There was a security issue in March involving the JELLY token. This incident caused Hyperliquid’s vault to lose $13. 5 million because of fake price increases and taking advantage of borrowed money.
The “ETH 50x Big Guy” trader made a profit of $1. 8 million but also caused losses of $4 million in the vault.
These attacks happen because ASTER DEX is competing with Hyperliquid, which is seeing lower trading activity. ASTER DEX is handling more than $13 billion in daily trading of future contracts, while Hyperliquid is not as busy.
Also, ASTER has recently added Trust Wallet, giving 100 million users easy access to perpetual contracts.
Arthur Hayes sold all of his HYPE tokens for a profit of $823,000. He did this because there will be large token unlocks worth $11. 9 billion starting on November 29.
He recently asked his followers if he should get back into HYPE after the price of the token fell 23% in a week to $35. 50
Even though there were security issues, Hyperliquid introduced its own stablecoin called USDH on September 24, which had $2. 2 million in trading during the first days.
Native Markets won the right to issue stablecoins by beating well-known companies like Paxos and Ethena Labs in a voting process.
The platform has started HYPE/USDH spot trading after Native Markets promised to stake 200,000 HYPE tokens for three years.
After Hayes decided to sell their Hayes whale, mentioning issues with Hype’s token supply, the DBA asset manager suggested reducing HYPE’s total supply by 45% to make its economy better. However, critics said this might restrict the ability to grow in the future.
