HypurrFi Website Compromised in Suspected Domain Hijack, Users Told to Stay Away

HypurrFi halts access after domain scare, signaling ongoing frontend risks despite secure smart contracts.

Security concerns have surfaced around HypurrFi after a suspected domain hijack triggered an urgent warning to users. The team quickly flagged risks tied to its official website and lending interface. Early communication stressed caution while investigations continue. No losses have been confirmed, but access to the platform remains restricted for safety reasons.

HypurrFi Incident Triggers Shutdown Warning Despite Funds Remaining Safe

HypurrFi alerted users not to interact with its website or lending services after detecting a possible domain compromise. Founder androolloyd issued a direct warning on X, stating that the “hypurr.fi” domain is currently unsafe. The team added that its social media accounts remain under control and unaffected.

Reassurance followed that user funds are not at risk at this stage. Still, users were told to avoid the platform entirely until further notice. HypurrFi operates as a DeFi lending and borrowing protocol built on HyperEVM and integrated with Hyperliquid’s ecosystem.

Data from DefiLlama shows the protocol holds roughly $30 million in total value locked. That figure places it among mid-sized DeFi platforms, making the incident notable but not systemically critical.

Recent Incident Adds to Growing List of Crypto Domain Hijack Attacks

Domain hijacking remains a recurring threat across the crypto industry. Attackers often gain control of frontend websites and insert wallet drainers or malicious prompts. These tactics bypass smart contract security and target users directly instead.

A recent example involved the BONKfun domain, which attackers compromised to redirect users. Another case saw Curve Finance lose control of its domain in May 2025 through a DNS-level attack. Its contracts remained secure, but users were exposed to a fake interface.

More severe outcomes have occurred elsewhere. Drift Protocol suffered a major exploit involving compromised multisig signers, resulting in roughly $270 million in losses. Reports linked the attack to the Lazarus Group, known for targeting crypto platforms.

HypurrFi has not shared a timeline for resolving the issue. As per reports, the team says updates will follow once the domain is restored and verified as safe.