Hyperdrive Restores Operations After $780K Exploit

Highlights:

• Hyperdrive reimbursed users after a more than $780K exploit that drained two markets.
• The exploit traced to router contract permissions during lending processes.
• Markets resumed operations after auditors confirmed a patch and remediation.

Decentralized finance protocol Hyperdrive has resumed normal operations following a major exploit that drained over $780,000 on September 27, 2025. The target for this attack was two specific markets on the Hyperliquid blockchain, Primary USDT0 and Treasury USDT0. Upon discovery, the team acted quickly and halted all trading activity to prevent more damage from occurring. They confirmed that the issue was isolated and did not impact any other contracts or assets on the platform.

The protocol has since reimbursed all affected users. In their update on September 29, Hyperdrive wrote that operations are now stable and back to normal. The team also assured the users that all the vulnerabilities have been patched and no funds remain at risk.

All markets are fully operational and funds have been restored to all impacted accounts.

Summary of Events:
• On Saturday June 27, 2025, around 2200 hours Singapore time, the Hyperdrive team was alerted to certain suspicious activity occurring in the Primary and Treasury USDT0… https://t.co/OiDedFRhOB

— Hyperdrive (@hyperdrivedefi) September 29, 2025

The exploit came from the router contract, which carried operator privileges during the borrowing process. This configuration provided access for the attacker to mishandle collateralized positions and carry out unauthorized functions from allowlisted contracts. Two user accounts were drained of 672,934 USDT0 and 110,244 thBILL tokens.

Immediate Response and Containment by Hyperdrive

Hyperdrive acted fast after detecting the exploit. They engaged external auditors and blockchain forensic experts to analyze the attack. The investigation confirmed that only the Primary and the Treasury USDTO markets were affected. In addition, all other markets and smart contracts were safe.

The attacker transferred the funds to Ethereum and BNB Chain. Some of the assets have been laundered by using Tornado Cash to conceal their origin. According to Hyperdrive, the threat actor behind the breach is already known in the DeFi space and has been linked to other protocol exploits.

Within hours, the development team managed to release a patch to close the vulnerability. Auditors were presented with the fix before it was implemented. Markets remained shut down until every affected user was made whole. For users who still have unresolved issues, the team has opened up support to their Discord channel. The prompt response prevented further damage from occurring. All systems are now fully operational. Security teams have confirmed the exploit has been completely neutralized.

Next Steps for Hyperdrive and Ecosystem Impacts

Hyperdrive plans to publish a full post-mortem report in the next few days. It will contain more technical insights and analysis. While the incident was serious, the team stated that it remained committed to growing yield products, such as tokenized Treasury bills, with Theo Network.

The event comes days after HyperVault, another protocol on Hyperliquid, experienced a $3.6 million rug pull. These incidents raise concerns about the security and lack of validator decentralization of the blockchain. Though Hyperdrive moved on the fast track, there are critical risks in the broader ecosystem.

A project on Hyperliquid, Hypervault, just rugged $3.6m in users’ assets pic.twitter.com/38AF1Wddjv

— Anon Vee (@AnonVee_) September 26, 2025

With the continuing concerns, it aims to increase its audit coverage and improve its internal review activities. They also advised users to be wary of phishing messages and to consult trusted sources for information.

Despite the setback, Hyperdrive is committed to protocol safety, transparency, and user trust. By patching the flaw in time and reimbursing losses, the protocol was able to avoid deeper damage. With Hyperdrive restoring operations, the team aims to regain confidence and proceed with its roadmap.