HyperDrive DeFi protocol has suffered a $773,000 exploit affecting two accounts in its Treasury Bill market, with stolen funds split between BNB Chain and Ethereum networks through bridge 0 attack compromised positions using Theo Network’s thBILL as collateral, prompting immediate suspension of all money markets and withdrawals across the platform. #PeckShieldAlert @hyperdrivedefi has reported a compromise of 2 accounts in the thBILL market, resulting in a loss of ~$773K. The stolen funds were split and bridged out: • 288.37 $BNB → #BNBChain • 123.6 $ETH → #Ethereum 1 — PeckShieldAlert (@PeckShieldAlert) September 28, 2025 Second Major Exploit Strikes Hyperliquid Ecosystem in 72 Hours CertiK’s analysis revealed the attacker exploited an arbitrary call vulnerability in the router contract, stealing 672,934 USDT0 and 110,244 thBILL 2 stolen funds were bridged via the deBridge protocol, with approximately $494,000 moved to Ethereum and $279,000 to BNB Chain before being consolidated at a single 3 incident marks the second major security breach targeting Hyperliquid’s ecosystem within three days, following the $3.6 million HyperVault rug pull, in which developers disappeared after deleting all their social media 4 rapid succession of attacks raises concerns about the security posture of projects building on the decentralized exchange 5 officials confirmed the exploit was limited to the Primary USDT0 Market and Treasury USDT Market, with no impact on the protocol’s native HYPED 6 team has engaged security and forensics experts while exploring compensation plans for affected 7 UPDATE: We are aware of the recent issues affecting the Hyperdrive 8 this time, we are able to confirm that the issues affect only two markets: the Primary USDT0 Market and the Treasury USDT 9 investigation is currently ongoing, and we are working… — Hyperdrive (@hyperdrivedefi) September 28, 2025 Router Vulnerability Enables Systematic Fund Extraction The attacker repeatedly exploited a critical flaw in HyperDrive’s router contract that allowed arbitrary function calls, thereby bypassing normal security restrictions and draining user funds.
CertiK’s forensic analysis identified the specific vulnerability that enabled the systematic extraction of funds from the thBILL Treasury 10 on two accounts on the thBILL market have been 11 has paused all money markets as a precaution while we investigate 12 issue does not affect $HYPED . — Hyperdrive (@hyperdrivedefi) September 27, 2025 The exploit targeted accounts holding positions backed by Theo Network’s Treasury Bill tokens, which serve as collateral in HyperDrive’s lending markets. Notably, security experts have speculated that the attacker’s methodical approach suggests a high level of knowledge of the protocol’s internal mechanics and smart contract 13 noted the stolen funds were quickly moved off-chain through deBridge, a cross-chain protocol that facilitates asset transfers between different blockchain networks.
HyperDrive’s team reached out to the exploiter on-chain, offering a 10% white-hat bounty in exchange for returning the remaining 14 protocol suspended all market operations and withdrawal functions to prevent additional malicious activity while investigating the full scope of the 15 incident prompted broader security reviews across Hyperliquid’s ecosystem, as multiple projects building on the platform face increased scrutiny following the recent wave of exploits and rug 16 Ecosystem Under Siege From Multiple Threats The HyperDrive exploit compounds pressure on Hyperliquid following the devastating HyperVault rug pull just 48 hours earlier , where developers vanished with $3.6 million after depositing stolen ETH into Tornado 17 HyperVault scam ignored early community warnings about fabricated audit claims from respected 18 security incidents include the March JELLY token manipulation that cost Hyperliquid’s vault $13.5 million through artificial price pumping and leveraged position 19 “ETH 50x Big Guy” trader similarly netted $1.8 million profit while causing $4 million in vault 20 attacks occur as ASTER DEX challenges Hyperliquid’s market dominance, processing over $13 billion in daily perpetual futures volume compared to Hyperliquid’s reduced activity.
Additionally, ASTER has recently integrated Trust Wallet , providing 100 million users with direct access to perpetual 21 Hayes previously exited his entire HYPE position for $823,000 profit, citing massive token unlocks worth $11.9 billion starting November 22 recently polled his followers about re-entering HYPE after the token dropped 23% in a week to $35.50. Despite security challenges, Hyperliquid launched its native USDH stablecoin on September 24, generating $2.2 million in early trading 23 Markets secured the stablecoin issuance mandate after defeating established players, including Paxos and Ethena Labs, through competitive governance 24 platform has also activated HYPE/USDH spot trading following Native Markets’ three-year commitment to stake 200,000 HYPE 25 Markets has staked and locked 200k HYPE for 3 years, making USDH the first permissionless spot quote asset to be added on @HyperliquidX HYPE / USDH is now live for trading. — Native Markets (@nativemarkets) September 27, 2025 Following the Hayes whale move to dump Hayes, citing problems with Hype tokenomics supply, the DBA asset manager proposed cutting HYPE’s total supply by 45% to improve tokenomics.
However, critics warned that this could limit future growth flexibility.
Story Tags
Latest news and analysis from cryptonews
