Highlights:
- Hyperdrive lost $773K after attackers exploited a permission flaw.
- The issue only impacted two markets and has now been fixed.
- Compensation plans are underway as Hyperdrive aims to resume operations.
DeFi protocol Hyperdrive disclosed a major security incident on September 28, 2025. The Hyperdrive hack compromised two positions, with losses estimated at around $773,000. PeckShield, a blockchain security company, reported that the breach occurred in the thBILL markets. These markets are built around tokenized Treasury Bills issued by Theo Network.
The attackers looted 288.37 BNB and 123.6 ETH. These were then bridged to other chains and swapped out quickly. The thBILL token and the $HYPED staking asset were not impacted during the incident. Hyperdrive immediately halted all money markets to avoid further losses.
#PeckShieldAlert @hyperdrivedefi has reported a compromise of 2 accounts in the thBILL market, resulting in a loss of ~$773K.
The stolen funds were split and bridged out:
• 288.37 $BNB → #BNBChain
• 123.6 $ETH → #Ethereum pic.twitter.com/P7Yire2Xdg
— PeckShieldAlert (@PeckShieldAlert) September 28, 2025
Hyperdrive Identifies Root Cause and Acts Swiftly
The team traced the Hyperdrive hack to a bug in its operator permission system. Attackers used the router, which held operator privileges, to call allowlisted contracts. This weakness permitted arbitrary calls and manipulation of specific positions in the market. The team also said that the problem was confined to only two markets.
On X, Hyperdrive announced that it had identified the root cause and patched the flaw. It also confirmed that all affected user accounts were identified within hours. The protocol was audited by Enigma Dark and Bail Security prior to the exploit. However, the weakness still passed through those security checks.
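The flaw described above matches the confused-deputy pattern: a privileged intermediary spends its own authority on behalf of whoever calls it. The following is an added illustration, not Hyperdrive's code: a simplified Python model in which every name (Market, Router, execute, withdraw, the addresses) is hypothetical, and the ownership check in the hardened router is one assumed mitigation, since the report does not give contract details.

```python
# Simplified model (added example). Market, Router and all addresses are
# hypothetical names, not Hyperdrive's contracts.

class Market:
    """Holds positions; the owner or any approved operator may act on one."""
    def __init__(self):
        self.owner = {}         # position id -> owner address
        self.balance = {}       # position id -> collateral amount
        self.operators = set()  # addresses allowed to act on any position

    def open(self, caller, pid, amount):
        self.owner[pid], self.balance[pid] = caller, amount

    def withdraw(self, caller, pid, to):
        # Authorization sees only the immediate caller, not who started the call.
        if caller != self.owner[pid] and caller not in self.operators:
            raise PermissionError("caller is neither owner nor operator")
        amount, self.balance[pid] = self.balance[pid], 0
        return to, amount

class Router:
    """Forwards user-chosen calls to allowlisted targets under its own address."""
    address = "router"

    def __init__(self, allowlist, hardened):
        self.allowlist, self.hardened = allowlist, hardened

    def execute(self, user, target, method, pid, *args):
        if target not in self.allowlist:
            raise PermissionError("target not allowlisted")
        # Assumed mitigation: the router spends its operator privilege only
        # on positions owned by the account that invoked it.
        if self.hardened and target.owner.get(pid) != user:
            raise PermissionError("user does not own this position")
        return getattr(target, method)(self.address, pid, *args)

def remaining_after_call(hardened, user):
    """Balance left in alice's position after `user` asks the router to withdraw it."""
    market = Market()
    market.operators.add(Router.address)   # router holds operator privileges
    market.open("alice", 1, 100)           # constructed sample position
    router = Router({market}, hardened)
    try:
        router.execute(user, market, "withdraw", 1, user)
    except PermissionError:
        pass
    return market.balance[1]

if __name__ == "__main__":
    print(remaining_after_call(False, "mallory"), remaining_after_call(True, "mallory"))
```

The allowlist alone does not help here, because the market is a legitimate target; the privilege has to be bound to the account that initiated the call.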
HYPERDRIVE UPDATE:
We are writing this to provide an update on the recent issues affecting the Hyperdrive protocol.
We have identified the root cause and corrected the issue. We have also identified the affected accounts and are enacting a compensatory plan shortly. We expect… https://t.co/715OXYosaB
— Hyperdrive (@hyperdrivedefi) September 28, 2025
Moreover, Hyperdrive promised a compensation plan to win back users' trust. Reimbursements could consist of ETH, stablecoins, or native tokens, although no details have been disclosed. The company has also said that it would remit repayments as quickly as it could. Security analysts observe that a quick recovery may help restore trust in the platform.
Hyperdrive to Resume Full Operations Within 24 Hours
Hyperdrive claimed that its platform would resume within 24 hours. This announcement was made at 06:45 UTC with a recovery deadline of September 29, 12:15 PM IST. According to cybersecurity firm Alvaka.net, the typical response time for a major incident is 24-48 hours. This places Hyperdrive's response within reasonable industry timelines.
The company also alerted users about persistent phishing attacks. It encouraged users to rely only on trusted channels of communication. Users are encouraged not to use the platform until complete functionality is restored. The HYPED token and the Hyperliquid ecosystem remain affected.
This Hyperdrive hack comes a day after the alleged rug pull by HyperVault. HyperVault allegedly disappeared with $3.6 million in funds, which were bridged to Ethereum. Following the switch to ETH, approximately 752 ETH were sent through Tornado Cash. This sounded an alarm throughout the DeFi sector and caused investor panic.
A project on Hyperliquid, Hypervault, just rugged $3.6m in users’ assets pic.twitter.com/38AF1Wddjv
— Anon Vee (@AnonVee_) September 26, 2025
The X account of Hypervault and its official site have since been taken offline. Meanwhile, speculation about its disappearance continues on social media. Some users are concerned about a coordinated attack on projects in the Hyperliquid chain. Hyperliquid has only four validator nodes at present, raising concerns about centralization.