Hyperliquid money market Hyperdrive has halted all trading after confirming an exploit that compromised two user wallets.
The breach resulted in losses of around $700,000, with the team taking what it calls a precautionary step to pause its platform while an investigation is ongoing. Hyperdrive assured users that the thBILL asset and the $HYPED token remain unaffected.
Exploit Tied to Operator Permission System
The incident has been linked to Hyperdrive’s operator permission setup. Users had designated the protocol’s Router as an operator, which granted it wide access to whitelisted contracts. Attackers abused this setup by making arbitrary calls through the Router, targeting the Market contract. This allowed them to manipulate positions and drain funds. Hyperdrive confirmed the weakness lies in this permission system rather than its core assets.
Growing Concerns Around Hyperliquid Ecosystem
The attack follows a string of issues for projects in the Hyperliquid ecosystem. Just one day earlier, HyperVault collapsed in what security experts described as a rug pull. That exploit drained $3.6 million before funds were moved into Tornado Cash. Earlier this year, the ecosystem was also affected by the JELLYJELLY manipulation in March and the XPL exploit in August. Repeated incidents have raised questions about security standards and weakened confidence among investors.
HyperVault Exit Raises Red Flags
HyperVault, which promoted unmanaged vaults and strategy adapters, saw its website taken down and its X account deleted shortly after the exploit. PeckShield traced funds leaving Hyperliquid for Ethereum, where they were converted into ETH. More than 750 ETH was later deposited into Tornado Cash, consistent with known laundering tactics. With the project team disappearing, many in the community suspect an exit scam. Users are left without clear answers about the possibility of recovering funds.
The consecutive attacks on Hyperdrive and HyperVault have intensified scrutiny on Hyperliquid-based protocols. With investor trust at stake, the spotlight now falls on the security practices within this growing ecosystem.
