HyperDrive DeFi protocol has suffered a $773,000 exploit affecting two accounts in its Treasury Bill market, with stolen funds split between BNB Chain and Ethereum networks through bridge transfers. The attack compromised positions using Theo Network’s thBILL as collateral, prompting immediate suspension of all money markets and withdrawals across the platform. #PeckShieldAlert @hyperdrivedefi has reported a compromise of 2 accounts in the thBILL market, resulting in a loss of ~$773K. The stolen funds were split and bridged out: • 288.37 $BNB → #BNBChain • 123.6 $ETH → #Ethereum pic.twitter.com/P7Yire2Xdg — PeckShieldAlert (@PeckShieldAlert) September 28, 2025 Second Major Exploit Strikes Hyperliquid Ecosystem in 72 Hours CertiK’s analysis revealed the attacker exploited an arbitrary call vulnerability in the router contract, stealing 672,934 USDT0 and 110,244 thBILL tokens. The stolen funds were bridged via the deBridge protocol, with approximately $494,000 moved to Ethereum and $279,000 to BNB Chain before being consolidated at a single address. The incident marks the second major security breach targeting Hyperliquid’s ecosystem within three days, following the $3.6 million HyperVault rug pull, in which developers disappeared after deleting all their social media accounts. The rapid succession of attacks raises concerns about the security posture of projects building on the decentralized exchange platform. HyperDrive officials confirmed the exploit was limited to the Primary USDT0 Market and Treasury USDT Market, with no impact on the protocol’s native HYPED token. The team has engaged security and forensics experts while exploring compensation plans for affected users. HYPERDRIVE UPDATE: We are aware of the recent issues affecting the Hyperdrive protocol. At this time, we are able to confirm that the issues affect only two markets: the Primary USDT0 Market and the Treasury USDT Market. An investigation is currently ongoing, and we are working… — Hyperdrive (@hyperdrivedefi) September 28, 2025 Router Vulnerability Enables Systematic Fund Extraction The attacker repeatedly exploited a critical flaw in HyperDrive’s router contract that allowed arbitrary function calls, thereby bypassing normal security restrictions and draining user funds. CertiK’s forensic analysis identified the specific vulnerability that enabled the systematic extraction of funds from the thBILL Treasury Market . Positions on two accounts on the thBILL market have been compromised. Hyperdrive has paused all money markets as a precaution while we investigate further. This issue does not affect $HYPED . — Hyperdrive (@hyperdrivedefi) September 27, 2025 The exploit targeted accounts holding positions backed by Theo Network’s Treasury Bill tokens, which serve as collateral in HyperDrive’s lending markets. Notably, security experts have speculated that the attacker’s methodical approach suggests a high level of knowledge of the protocol’s internal mechanics and smart contract architecture. They noted the stolen funds were quickly moved off-chain through deBridge, a cross-chain protocol that facilitates asset transfers between different blockchain networks. HyperDrive’s team reached out to the exploiter on-chain, offering a 10% white-hat bounty in exchange for returning the remaining funds. The protocol suspended all market operations and withdrawal functions to prevent additional malicious activity while investigating the full scope of the compromise. The incident prompted broader security reviews across Hyperliquid’s ecosystem, as multiple projects building on the platform face increased scrutiny following the recent wave of exploits and rug pulls. Hyperliquid Ecosystem Under Siege From Multiple Threats The HyperDrive exploit compounds pressure on Hyperliquid following the devastating HyperVault rug pull just 48 hours earlier , where developers vanished with $3.6 million after depositing stolen ETH into Tornado Cash. The HyperVault scam ignored early community warnings about fabricated audit claims from respected firms. Previous security incidents include the March JELLY token manipulation that cost Hyperliquid’s vault $13.5 million through artificial price pumping and leveraged position exploitation. The “ETH 50x Big Guy” trader similarly netted $1.8 million profit while causing $4 million in vault losses. These attacks occur as ASTER DEX challenges Hyperliquid’s market dominance, processing over $13 billion in daily perpetual futures volume compared to Hyperliquid’s reduced activity. Additionally, ASTER has recently integrated Trust Wallet , providing 100 million users with direct access to perpetual contracts. Arthur Hayes previously exited his entire HYPE position for $823,000 profit, citing massive token unlocks worth $11.9 billion starting November 29. He recently polled his followers about re-entering HYPE after the token dropped 23% in a week to $35.50. Despite security challenges, Hyperliquid launched its native USDH stablecoin on September 24, generating $2.2 million in early trading volume. Native Markets secured the stablecoin issuance mandate after defeating established players, including Paxos and Ethena Labs, through competitive governance voting. The platform has also activated HYPE/USDH spot trading following Native Markets’ three-year commitment to stake 200,000 HYPE tokens. Native Markets has staked and locked 200k HYPE for 3 years, making USDH the first permissionless spot quote asset to be added on @HyperliquidX HYPE / USDH is now live for trading. — Native Markets (@nativemarkets) September 27, 2025 Following the Hayes whale move to dump Hayes, citing problems with Hype tokenomics supply, the DBA asset manager proposed cutting HYPE’s total supply by 45% to improve tokenomics. However, critics warned that this could limit future growth flexibility. The post Hyperliquid’s HyperDrive DeFi Loses $773K in Account Compromise, Funds Bridged to BNB Chain and Ethereum appeared first on Cryptonews .
