HyperDrive, a decentralized finance protocol operating on the Hyperliquid blockchain, suffered a $773,000 exploit on September 28, 2025, compromising two accounts in its Treasury Bill market. The attack targeted positions using Theo Network’s thBILL tokens as collateral, with stolen funds including 288.37 BNB and 123.6 ETH, which were split and bridged to BNB Chain and Ethereum networks via the deBridge protocol.
Blockchain security firm PeckShield alerted the community, while CertiK’s forensic analysis identified an arbitrary call vulnerability in the router contract that enabled systematic fund extraction, draining 672,934 USDT0 and 110,244 thBILL tokens. HyperDrive immediately suspended all money markets and withdrawals, confirming the issue was limited to the Primary USDT0 Market and Treasury USDT Market, with no impact on the native HYPED token.
This incident marks the second major security breach in Hyperliquid’s ecosystem within 72 hours, following a $3.6 million HyperVault rug pull where developers vanished after deleting social media accounts. Previous incidents include the March JELLY token manipulation that cost $13.5 million and a trader profiting $1.8 million while causing $4 million in vault losses.
HyperDrive’s team engaged security experts, offered a 10% white-hat bounty to the exploiter for fund return, and is developing compensation plans. The protocol is expected to resume operations within 24 hours after fixes. Broader ecosystem scrutiny arises as ASTER DEX challenges Hyperliquid’s dominance, and Arthur Hayes exited his HYPE position citing tokenomics concerns ahead of $11.9 billion unlocks.
BTC
SOL
XRP
MIM
LTC