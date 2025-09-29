TLDR

Hyperdrive lost $782K due to an exploit targeting two key liquidity pools.

to The attacker drained 673,000 USDT0 and 110,244 thBILL tokens from Hyperdrive.

Hyperdrive paused operations to contain the damage and identify affected accounts.

This marks the third security breach on the Hyperliquid ecosystem in 2025.

A security breach in Hyperdrive, a lending protocol built on the Hyperliquid blockchain, has led to a loss of approximately $782,000 in tokens. The attack, which occurred late on a Saturday night, exploited a smart contract vulnerability, draining funds from two key pools. These assets were then converted into BNB and ETH, and moved off-chain. This event marks the third major security issue affecting the Hyperliquid ecosystem.

Attack Exploits Vulnerability in Smart Contract

The attacker exploited a vulnerability in Hyperdrive’s smart contract, specifically targeting the “arbitrary call in the router.” Blockchain security firm Certik, which investigated the breach, pointed to this flaw as the cause of the exploit.

The breach allowed the attacker to access and withdraw a total of 673,000 USDT0 stablecoins and 110,244 thBILL tokens from two of Hyperdrive’s primary pools—the Primary USDT0 Market and Treasury USDT Market.

Hyperdrive quickly responded to the attack by pausing its operations to prevent further losses. The team immediately began investigating the breach and working to identify the root cause. The protocol also initiated corrective measures to address the vulnerability.

Hyperdrive Responds to the Exploit

Following the attack, Hyperdrive’s team confirmed that the root cause of the issue had been identified and resolved. In an update, the team assured users that they would enact a compensation plan for those affected by the breach. However, no further details were provided regarding how compensation would be distributed or the timeline for the plan’s rollout.

Hyperdrive emphasized that it was committed to restoring normal operations soon. The protocol’s markets were paused temporarily, and the team assured users that security measures had been strengthened to avoid similar incidents in the future. Hyperdrive has also committed to releasing a postmortem report to provide transparency into the exploit and its aftermath.

Hyperdrive Faces Multiple Security Challenges

This incident marks the third significant security event involving the Hyperliquid ecosystem since its launch in late 2024. Earlier this year, the platform experienced issues when a whale manipulated the on-chain price of the Solana-based memecoin JELLYJELLY, leading to $12 million in losses. Additionally, another whale manipulation event left a Hyperliquid vault with a $4 million loss. These recurring security issues have raised concerns about the platform’s vulnerability to attacks.

Despite these challenges, Hyperdrive’s value locked in the platform stands at approximately $21 million, according to DefiLlama data. While the platform has worked to address the recent breach, the previous incidents have highlighted the risks associated with smart contract vulnerabilities and whale manipulation in decentralized finance protocols.

Future Steps for Hyperdrive and Hyperliquid

Hyperdrive’s immediate priority is to ensure the security and stability of its platform. The team has assured users that they are working on a comprehensive compensatory plan for the affected accounts and will provide further details soon. Additionally, Hyperdrive plans to release a full postmortem of the exploit, offering more insights into the attack and how it was mitigated.

With a focus on security and operational stability, Hyperdrive aims to restore user confidence in its lending protocol. However, the series of security breaches within the Hyperliquid ecosystem raises broader questions about the vulnerability of decentralized platforms to both smart contract exploits and external manipulation.

The post Hyperdrive Loses $782,000 in Tokens After Smart Contract Exploit Attack appeared first on CoinCentral.