TLDR
- A Hyperliquid trader lost $21 million after their private key was exposed, allowing an attacker to drain their wallet of DAI and SyrupUSDC tokens
- The exploit targeted only the individual trader’s wallet, not the Hyperliquid platform itself, which continues to operate normally
- The attack happened after the trader closed a $16 million long position on HYPE tokens, with funds quickly bridged to Ethereum
- Hyperliquid has processed over $3.5 billion in trading volume in the past week and recently completed an airdrop to 94,000 addresses
- Security experts recommend separating funds between hot and cold wallets, never sharing private keys, and regularly reviewing smart contract permissions
A trader on decentralized exchange Hyperliquid lost approximately $21 million on Thursday after their private key was compromised. The attacker drained the wallet of 17.75 million DAI and 3.11 million SyrupUSDC tokens.
Blockchain security firm PeckShield first reported the exploit. The stolen funds were quickly bridged to the Ethereum network.
#PeckShieldAlert A victim 0x0cdC…E955 lost ~$21M worth of cryptos on #Hyperliquid due to a private key leak.
The hacker has bridged the stolen funds to #Ethereum, including 17.75M $DAI & 3.11M $MSYRUPUSDP. pic.twitter.com/yZUMM6xL5f
— PeckShieldAlert (@PeckShieldAlert) October 10, 2025
The attack occurred shortly after the victim closed a profitable long position. The trader had liquidated a $16 million position on HYPE tokens, selling 100,000 tokens for $4.4 million.
PeckShield has not confirmed how the private key was obtained. The company stated the method of compromise remains under investigation.
The Hyperliquid platform itself was not compromised. Only the individual trader’s wallet was affected.
Platform Growth Continues
Hyperliquid has experienced rapid growth in recent weeks. The platform processed over $3.5 billion in trading volume during the past seven days, according to DefiLlama data.
The exchange recently completed a major token airdrop. Over 94,000 addresses received tokens through the distribution.
The platform uses a points-based rewards program. This system is designed to increase liquidity and encourage user participation.
Decentralized exchanges give users full control of their assets. This control comes with complete responsibility for security.
Crypto exchanges and DeFi protocols were the top two targets for exploits in the third quarter of 2025. This data comes from security firm CertiK.
Security Recommendations for Users
Security experts recommend several steps to protect funds on decentralized exchanges. Users should maintain separate wallets for different purposes.
A “hot” wallet can be used for active trading. A “cold” wallet should store long-term holdings offline.
Only small amounts needed for trading should remain in wallets connected to DEXs. This limits potential losses if a private key is compromised.
Hyperliquid’s official documentation warns users never to share private keys or seed phrases. This applies even during API wallet setup.
Users should watch for fake authorization pages. Scammers often impersonate official staff on platforms like Telegram or Discord.
Crypto exchange MEXC advised traders to check positions and approvals regularly. Exploits often happen when users grant excessive permissions to DeFi protocols.
Security experts recommend using tools like Etherscan’s Token Approvals feature. These platforms allow users to review and revoke unnecessary smart contract permissions.
The compromised address could still receive tokens after the theft. Hyperliquid rewards on-chain activity based on wallet addresses, not user identity verification.
