Hyperdrive has restored operations and compensated users after a June exploit drained funds from two markets on the Hyperliquid blockchain.
Summary
- Hyperdrive exploited for ~$700K on Sept. 27.
- Attack traced to router contract permissions.
- Users reimbursed, markets fully restored.
Hyperdrive, a decentralized finance protocol on the Hyperliquid blockchain, has resumed full operations and restored funds to affected users after an exploit drained nearly $700,000 from two markets.
According to the project’s Sept. 29 update on X, all accounts impacted by the attack have been remediated and market functions are now back online. The team confirmed that the exploit was limited to the Primary and Treasury USDT0 markets and did not spread to other assets or contracts.
Details of Hyperdrive exploit
On Sept. 27, attackers took advantage of Hyperdrive’s router contract, which had been granted operator permissions during lending processes. This made it possible to manipulate collateralized positions and make arbitrary function calls to whitelisted contracts. Two accounts were drained, losing 672,934 USDT0 and 110,244 thBILL tokens.
The stolen money was tracked to Ethereum (ETH) and BNB (BNB) Chain, where some of it was laundered using Tornado Cash. External auditors and forensic specialists were enlisted by Hyperdrive, who verified the vulnerability was fixed and created a patch in a matter of hours. All markets were paused during remediation, with operations resuming only after compensation was completed.
Ongoing investigation and security response
Hyperdrive stated that the attack was carried out by a known threat actor previously linked to high-profile protocol exploits. A full post-mortem report will be published in the coming days. While reiterating that user accounts are now secure, the team cautioned against scams and unofficial communications.
Despite the setback, Hyperdrive says its long-term strategy is still the same, concentrating on yield strategies like tokenizing Treasury bills with partners like Theo Network. The team aims to strengthen user trust while pushing for more extensive security audits throughout the ecosystem.
The incident highlights risks facing the Hyperliquid (HYPE) ecosystem, which recently saw a $3.6 million rug pull at HyperVault, another protocol built on the chain. Since Hyperliquid only runs a small number of validator nodes, issues with centralization and system security remain.
Source: https://crypto.news/hyperliquid-hyperdrive-resumes-services-700k-hack-2025/
