Key Takeaways
- The Hyperdrive smart contract exploit cost users about $782,000 on two of its markets
- The vulnerability was due to an arbitrary call available in the protocol’s router that the attacker exploited to drain funds.
- This is the third major security breach within the Hyperliquid network, which causes concern for the resilience of the ecosystem in general.
Table of Contents
DeFi Protocol Hyperdrive Pauses Markets After $782K Exploit
The Hyperdrive smart contract exploit on September 28, 2025, resulted in a loss of roughly $782,000. There were two markets affected by the Hyperliquid-based lending protocol. The first market was the Primary USDT0 Market. The second was the Treasury USDT Market. After the events, the Hyperdrive team paused all markets to limit additional loss, identified the exploit, and patched it. They also confirmed that a reimbursement plan for users affected by the exploit is being finalized. All markets were operational again.
The Attack Methods
In this Hyperdrive smart contract exploit, the attacker took advantage of a vulnerability in the protocol’s router contract that granted extensive operator permissions. This allowed the malicious actor to make arbitrary calls with no restrictions and move he funds, effectively draining collateral from two user positions. After the drain, the hacker bridged 673,000 USDT0 and 110,244 thBILL (a tokenized Treasury Bill asset), to other chains and quickly converted the assets into BNB and ETH.
Read also: INTERPOL’s Global Financial Crime Operation Recovers $439M, Freezes 400 Crypto Wallets
A Distressed Ecosystem
The Hyperdrive smart contract exploit represents the third major security event on Hyperliquid’s network in the last few months, adding to the $12 million loss of funds from on-chain price manipulation in March and another $4 million from a vault incident. This episode occurred just two days after the HyperVault rug pull of $3.6m, further backing the concerns about security and negatively impacting community sentiment.
Summing Up
So far, while the Hyperdrrive team’s fast response prevented a more severe disaster and the system restoration, the repeated incidents accentuate the ongoing security maturation issues of emerging decentralized finance (DeFi) ecosystems.
Final Thought: For Hyperliquid to create and maintain a competitive advantage, a fundamental shift toward increased security audits is needed for sure. The innovation of the chain speaks for itself; however, its resilience is now put to the test.
FAQs
What is an arbitrary call exploit?
It refers to a security vulnerability whereby a smart contract’s functions can be exploited to perform unwanted actions, often leading to loss of funds.
What is thBILL?
thBILL is a tokenized version of a United States Treasury Bill that gives users yield on a traditional financial asset within DeFi protocols.
What does “pausing a market” mean?
It is an emergency action where a protocol temporarily halts all deposits, withdrawals, and trades to prevent further exploitation during a security crisis.
For more crypto drain stories, read: Venus Protocol Recovers $13.5M in Dramatic Phishing Attack Reversal
