Hyperdrive has restored operations and compensated users after an exploit in June drained funds from two markets on the Hyperliquid blockchain.
Summary
- Hyperdrive was traded for ~$700,000 on September 27th.
- Attack traced to router contract permissions.
- Users refunded, markets fully recovered.
Hyperdrive, a decentralized finance protocol on the Hyperliquid blockchain, has resumed full operations and restored funds to affected users after an exploit took nearly $700,000 from two markets.
According to the project of September 29 update on X, all accounts affected by the attack have been restored and market functions are now back online. The team confirmed that the exploit was limited to the primary and treasury USDT0 markets and did not spread to other assets or contracts.
Hyperdrive exploit details
On September 27, attackers abused Hyperdrive’s router contract, which had been granted operator rights during the lending process. This made it possible to manipulate collateral positions and make arbitrary function calls to whitelisted contracts. Two accounts were cleared, losing 672,934 USDT0 and 110,244 thBILL tokens.
The stolen money was traced to Ethereum (ETH) and BNB (BNB) Chain, where some of it was laundered using Tornado Cash. External auditors and forensic specialists were brought in by Hyperdrive, who checked whether the vulnerability had been fixed and created a patch within hours. All markets were paused during the remediation and operations only resumed after compensation was completed.
Ongoing investigation and safety response
Hyperdrive stated that the attack was carried out by a known threat actor previously associated with high-profile protocol exploits. A full post-mortem report will be published in the coming days. While the team reiterated that user accounts are now safe, it warned against scams and unofficial communications.
Despite the setback, Hyperdrive says its long-term strategy is still the same, focusing on return strategies such as tokenizing government bonds with partners like Theo Network. The team aims to strengthen user trust while pushing for more comprehensive security audits across the ecosystem.
The incident highlights the risks facing the Hyperliquid (HYPE) ecosystem, which recently saw a $3.6 million back pull on HyperVault, another protocol built on the chain. Because Hyperliquid only runs a small number of validator nodes, centralization and system security issues remain.
