Overview
- The Sept. 27 attack drained 672,934 USDT0 and 110,244 thBILL from Hyperdrive’s Primary and Treasury USDT0 markets.
- Investigators identified an arbitrary‑call vulnerability in the router contract tied to lending operator permissions, which the team patched within hours.
- Stolen assets were bridged via deBridge to Ethereum and BNB Chain, and part of the haul was laundered through Tornado Cash.
- Hyperdrive paused markets during remediation, engaged Certik and external forensics, reimbursed affected accounts, and has now fully resumed services.
- The incident is the latest in a series of 2025 security setbacks for the Hyperliquid ecosystem, including the recent HyperVault rug pull.