Hyperdrive Hack Drains $782K via Smart Contract Exploit

On Sept 27, Hyperdrive, a Hyperliquid protocol, lost 782K in tokens after a smart contract bug enabled a hacker to empty key pools.

Hyperdrive, a lending protocol that is on top of the Hyperliquid network, lost $782,000 to a smart contract exploit on Saturday night. Two large liquidity pools were emptied: the Primary USDT0 Market and the Treasury USDT Market. 

About 673,000 USDT0 stablecoins and 110,244 thBILL tokens were stolen and then quickly exchanged into cross-chain assets such as BNB and ETH, and off-chain.

CertiK, a blockchain security firm, notes that the attacker used an arbitrary call in the router of the smart contract of Hyperdrive. 

Source – X

This weakness opened this up to unauthorized withdrawals, and this opens up to inherent risks in the coding of the platform. 

Hyperdrive stopped protocol operations as soon as possible to avoid additional damage and initiated an investigation.

Root Cause Uncovered, Compensation Schemed.

The cause was identified as a defect in the router contract of Hyperdrive. The team of the protocol said that they had remedied the vulnerability and were coming up with a compensation scheme with the users who had been affected.

The compensation details are not disclosed, although Hyperdrive promised to release a postmortem report shortly after it had reviewed it.

In spite of this violation, the total value locked (TVL) of Hyperdrive is approximately 21 million. It is the third major security breach in the Hyperliquid ecosystem since its launch in November 2024. 

Whale manipulations have been a problem in the past, leading to losses of millions of dollars in associated projects.

Hyperliquid Ecosystem is engulfed by security Challenges.

Following this recent hack, the Hyperliquid ecosystem has come under extreme scrutiny. In early 2022, a whale interfered with the price on-chain of the Solana memecoin JELLYJELLY, and the protocol had to cover up to 12 million in losses. A Hyperliquid vault lost $4 million to another whale attack of whales.

The quick reaction and the compensations planned by Hyperdrive show that it is determined to rebuild trust. However, unremedied security weaknesses cast doubt upon the security of Layer 1 chain-based decentralized finance protocols based on Hyperliquid.