Hyperliquid’s HyperDrive DeFi Suffers $773K Loss Due to Account Breach, Funds Transferred to BNB Chain and Ethereum

Hyperdrive Defi Protocol Exploit Results in $773,000 Loss

Hyperdrive Defi protocol recently faced a security breach that led to the loss of $773,000 across two accounts in the Treasury bill market. The stolen assets were divided between the BNB chain and the Ethereum network.

This attack took advantage of collateral positions using Theo Network’s Thbill, which prompted an immediate suspension of all money markets and the withdrawal of all funds from the platform.

Analysis from Certik revealed that the attacker exploited a vulnerability in the router contract, allowing them to abscond with 672,934 USDT0 and 110,244 Thbill tokens.

The stolen funds were funneled through the debridge protocol. Roughly $494,000 was transferred to Ethereum, with around $279,000 shifting to the BNB chain, ultimately consolidating at a single address.

This incident marks the second notable security issue targeting the Hyperliquid ecosystem within just three days, following a previous $3.6 million hack involving Hypervault.

The quick succession of these attacks has raised alarms regarding the security measures in place for projects operating on decentralized exchange platforms.

The Hyperdrive team confirmed that the exploit was restricted to the main USDT0 and the USDT market, leaving the protocol’s native hype tokens unaffected.

In response to the incident, the team is collaborating with security and forensic specialists to develop compensation strategies for impacted users.

The attacker repeatedly took advantage of a significant flaw in Hyperdrive’s router contract, which permitted unauthorized function calls and allowed for the extraction of user funds.

According to Certik’s forensic analysis, specific vulnerabilities may enable systematic fund extractions from the Thbill Treasury Market.

The affected accounts were secured with collateral from Theo Network’s Treasury Bill Tokens, serving as backing for Hyperdrive’s lending market.

Security experts indicate that the methodical nature of the attack suggests the perpetrator had a deep understanding of the protocol and its smart contract architecture.

Moreover, the stolen assets rapidly moved off-chain via debridge, which facilitates asset transfers amongst various blockchain networks.

The HyperDrive team even reached out to the attacker with an offer of a 10% bounty for the return of the remaining funds.

In the meantime, the protocol has paused all market activities and withdrawal functions to prevent any further malicious actions while it investigates the full details of the breach.

This situation has spurred a wider security audit within the Hyperliquid ecosystem, as other projects have ramped up their security reviews following these recent incidents.