Hyperdrive Restores Operations, Compensates Users After $700K Exploit on Hyperliquid

Quick Breakdown 

• Hyperdrive lost nearly $700K in an exploit targeting its router contract but has since reimbursed users.
• Stolen funds were laundered across Ethereum and BNB Chain, with Tornado Cash involved.
• The exploit highlights ongoing security challenges for the Hyperliquid ecosystem.

Decentralized finance protocol Hyperdrive has resumed full operations and reimbursed users following a $700,000 exploit that targeted two markets on the Hyperliquid blockchain.

Exploit and immediate response

Hyperdrive announced on September 29 that it has restored operations after an exploit drained nearly $700,000 from its Primary and Treasury USDT0 markets. According to the update, all affected accounts have been compensated, and market activity has resumed.

All markets are fully operational and funds have been restored to all impacted accounts.

Summary of Events:
• On Saturday June 27, 2025, around 2200 hours Singapore time, the Hyperdrive team was alerted to certain suspicious activity occurring in the Primary and Treasury USDT0… https://t.co/OiDedFRhOB

— Hyperdrive (@hyperdrivedefi) September 29, 2025

The attack, which occurred on September 27, exploited a vulnerability in the protocol’s router contract. The router, which had been granted operator permissions during lending processes, enabled attackers to manipulate collateralized positions and execute arbitrary calls to whitelisted contracts. This resulted in the theft of 672,934 USDT0 and 110,244 thBILL tokens.

Tracking stolen funds

Investigators traced the stolen assets to Ethereum and BNB Chain, where portions were laundered via Tornado Cash. Hyperdrive engaged external auditors and forensic experts to confirm that the vulnerability was patched within hours. Trading was suspended across all markets during remediation and resumed only after funds were restored to users.

Known threat actor involved

The team said the exploit was linked to a known threat actor previously associated with other major DeFi hacks. A detailed post-mortem report is expected in the coming days. Hyperdrive has urged users to rely only on official communication channels to avoid scams.

Long-term strategy and risks

Despite the breach, Hyperdrive reaffirmed its commitment to yield-generating strategies such as tokenizing U.S. Treasury bills in partnership with Theo Network. The project pledged to increase security audits to bolster user trust.

The incident underscores ongoing concerns in the Hyperliquid ecosystem, which has faced recent setbacks, including a $3.6 million rug pull at HyperVault. With only a limited number of validator nodes, the network continues to face scrutiny over centralization and security risks.

Meanwhile, Hyperliquid has launched its first native stablecoin, USDH, following a closely watched governance vote that captured widespread attention across the crypto industry.