HyperDrive DeFi loses $773K in router vulnerability exploit as funds bridge to BNB Chain and Ethereum.
HyperDrive DeFi protocol has suffered a $773,000 exploit affecting two accounts in its Treasury Bill market, with stolen funds split between BNB Chain and Ethereum networks through bridge transfers.
The attack compromised positions using Theo Network’s thBILL as collateral, prompting immediate suspension of all money markets and withdrawals across the platform.
CertiK’s analysis revealed the attacker exploited an arbitrary call vulnerability in the router contract, stealing 672,934 USDT0 and 110,244 thBILL tokens.
The stolen funds were bridged via the deBridge protocol, with approximately $494,000 moved to Ethereum and $279,000 to BNB Chain before being consolidated at a single address.
The incident marks the second major security breach targeting Hyperliquid’s ecosystem within three days, following the $3.6 million HyperVault rug pull, in which developers disappeared after deleting all their social media accounts.
The rapid succession of attacks raises concerns about the security posture of projects building on the decentralized exchange platform.
HyperDrive officials confirmed the exploit was limited to the Primary USDT0 Market and Treasury USDT Market, with no impact on the protocol’s native HYPED token.
The team has engaged security and forensics experts while exploring compensation plans for affected users.
The attacker repeatedly exploited a critical flaw in HyperDrive’s router contract that allowed arbitrary function calls, thereby bypassing normal security restrictions and draining user funds.
CertiK’s forensic analysis identified the specific vulnerability that enabled the systematic extraction of funds from the thBILL Treasury Market.
The exploit targeted accounts holding positions backed by Theo Network’s Treasury Bill tokens, which serve as collateral in HyperDrive’s lending markets.
Notably, security experts have speculated that the attacker’s methodical approach suggests a high level of knowledge of the protocol’s internal mechanics and smart contract architecture.
They noted the stolen funds were quickly moved off-chain through deBridge, a cross-chain protocol that facilitates asset transfers between different blockchain networks.
HyperDrive’s team reached out to the exploiter on-chain, offering a 10% white-hat bounty in exchange for returning the remaining funds.
The protocol suspended all market operations and withdrawal functions to prevent additional malicious activity while investigating the full scope of the compromise.
