Hyperdrive Loses $782,000 in Smart Contract Exploit on Hyperliquid Blockchain
Hyperdrive, a lending protocol built on the Hyperliquid blockchain, suffered a major exploit that drained nearly $782,000 in crypto assets. The incident marks the third major security breach in the Hyperliquid ecosystem since its launch.
- The attacker targeted two markets: Primary USDT0 and Treasury USDT, draining over 673,000 USDT0 and 110,244 thBILL.
- Security firm CertiK identified an arbitrary call vulnerability in the router contract.
- Hyperdrive has paused its markets, patched the issue, and is preparing a compensation plan.
- This is the third major security incident affecting the Hyperliquid network since its launch.
The decentralized finance world faced another blow as Hyperdrive, a small lending protocol operating on the Hyperliquid blockchain, reported a security exploit that cost users around $782,000 in total. According to on-chain data, the attacker drained funds from two key markets — the Primary USDT0 Market and the Treasury USDT Market — by exploiting a vulnerability in the protocol’s smart contract router.
Blockchain security firm CertiK explained that the attacker used an arbitrary call exploit, allowing unauthorized execution of functions within the contract. This loophole enabled them to repeatedly drain funds, ultimately stealing 673,000 USDT0 and 110,244 thBILL, equivalent to about $782,000. The stolen tokens were later converted to BNB and ETH and sent off-chain to obscure tracking.
Following the breach, Hyperdrive’s development team acted quickly by pausing the protocol to prevent further losses. In a statement on X, the team confirmed that the root cause had been identified and a patch was deployed to secure the platform. They also promised to publish a detailed postmortem report and roll out a compensatory plan for affected users soon.
Hyperdrive currently holds around $21 million in total value locked (TVL), based on data from DefiLlama. While users await official compensation details, the event has sparked discussions around DeFi protocol security and the growing pains of emerging blockchains.
This incident follows two earlier exploits within the Hyperliquid ecosystem. In March, a whale manipulated the price of a Solana-based memecoin, JELLYJELLY, causing a $12 million loss to a protocol operating on Hyperliquid. Another manipulation earlier in the year led to a $4 million vault loss, further highlighting the network’s ongoing vulnerability challenges.
Final Thought
The Hyperdrive exploit underscores a recurring issue within decentralized finance — security risks in smart contracts. While DeFi continues to push innovation, the growing frequency of exploits shows that audits and contract safeguards remain critical for ecosystem trust. As Hyperdrive prepares its compensation plan, users and developers alike are reminded that safety must evolve alongside innovation.