- Trending
- Comments
- Latest
Hyperdrive, a lending protocol operating on the Hyperliquid blockchain, confirmed on Sunday that it lost approximately $782,000 in tokens after a Hyperdrive smart contract exploit late Saturday night. The breach targeted two of the protocol’s key liquidity pools, siphoning 673,000 USDT0 stablecoins and 110,244 thBILL tokens before converting them into BNB and ETH and moving the assets off-chain.
The incident represents the third major security challenge within the Hyperliquid ecosystem in 2025, casting doubt on the platform’s resilience against increasingly sophisticated attacks.
“This was the result of an arbitrary call vulnerability in the router smart contract,” — Certik, Blockchain Security Firm.
According to Certik, the Hyperdrive smart contract exploit originated from a flaw in the protocol’s router contract. The vulnerability allowed the attacker to make arbitrary calls, granting unauthorized access to withdraw assets from Hyperdrive’s Primary USDT0 Market and Treasury USDT Market pools.
Hyperdrive responded by pausing operations across the protocol to contain the damage. In a statement, the team said it had identified and resolved the root cause of the breach while working on corrective security measures.
While Hyperdrive has pledged to enact a compensation plan, specific details on distribution and timelines remain undisclosed. The protocol also promised to release a full postmortem report to provide transparency into the incident.
The Hyperdrive smart contract exploit is not an isolated event. Since Hyperliquid’s launch in late 2024, the ecosystem has faced multiple high-profile breaches. Earlier this year, a whale manipulation of the Solana-based memecoin JELLYJELLY led to $12 million in losses. In a separate incident, another manipulation left a Hyperliquid vault $4 million short.
These repeated setbacks have fueled skepticism among crypto investors about the security infrastructure of Hyperliquid protocols. Despite the challenges, data from DeFiLlama shows Hyperdrive still holds approximately $21 million in total value locked (TVL).
Hyperdrive has committed to restoring normal operations once security improvements are fully tested. The team emphasized that compensation for affected users is a priority, though it cautioned that more time is needed to finalize the plan.
Beyond compensation, the release of a detailed postmortem is expected to shed light on how the Hyperdrive smart contract exploit unfolded and the steps taken to mitigate its impact.
With DeFi markets under heightened scrutiny, Hyperdrive’s response will play a key role in determining whether the protocol can rebuild investor trust. But with three significant breaches in less than a year, questions remain about whether security risks are endemic to the Hyperliquid ecosystem.
For now, the Hyperdrive smart contract exploit stands as another reminder of the fragility of decentralized finance infrastructure, where rapid growth often collides with persistent vulnerabilities.
