DeFi lending protocol HypurrFi has issued a critical security alert, warning users not to interact with its website or application following a suspected domain hijack. The protocol's founder, androolloyd, posted a direct warning on X on Friday, stating, "Do NOT USE THE HYPURR .FI domain, it is compromised."
The team clarified that while its social media accounts remain secure and under its control, the primary domain for the platform's frontend interface has been compromised. Users have been instructed to "avoid all interaction with the app until further notice from the team." The protocol, which operates on the HyperEVM blockchain and is integrated with Hyperliquid's ecosystem, currently holds approximately $30 million in Total Value Locked (TVL), according to DefiLlama.
Importantly, the team stated there is currently no evidence of risk to user funds, suggesting the issue is isolated to the frontend website and not the underlying smart contracts. However, frontend compromises pose a significant threat, as attackers can deploy malicious interfaces that mimic the legitimate app, potentially prompting users to sign transactions that drain their wallets.
This incident highlights a persistent vulnerability in the DeFi space. Domain hijacking attacks target centralized components like DNS records and web hosting, which sit outside blockchain security guarantees. Recent similar incidents include the compromise of the BONKfun domain last month and a DNS-level attack on Curve Finance in May 2025.
The immediate focus is on HypurrFi regaining control of its domain and verifying that no malicious activity occurred during the compromise. The broader takeaway reinforces the need for enhanced safeguards in domain management and the ongoing security gap between on-chain smart contracts and off-chain infrastructure.
