A hacker attack on a Hyperliquid platform user’s account resulted in a loss of over $20 million. The incident occurred due to a compromised private key, allowing the perpetrators to completely withdraw funds from the wallet.
This is reported by Finway
Details of the Attack and Hacker Actions
According to a user with the nickname mlmabc, the owner of the Hyperliquid wallet lost approximately $17 million from the main account and another $3.1 million stored in the Plasma Syrup Vault. According to data from Hypurrscan, a long position of $16 million in HYPE tokens was closed before the attack, and a sale of 100,000 HYPE for $4.4 million was executed. After that, a complete withdrawal of assets occurred.
“The reason seems to be that his private key was compromised – resulting in a total wipeout: roughly $17M lost from his Hyperliquid account and another $3.1M that was…”.
Subsequently, all assets were transferred to a wallet with the address 0xF4bE227b268e191b79097Daad0AcCcD9a7A7FAD2. The attacker exchanged USDC for DAI, after which the funds were distributed between two new wallets. Additionally, $3.11 million in MSYRUPUSDP was transferred to another address.
Wave of Attacks on Crypto Projects and New Threats
Incidents of this magnitude have already occurred with the Hyperliquid platform. For example, in March 2025, a large Ethereum transaction exceeding $335 million caused Hyperliquid to incur losses of $4 million in a single day, although the trader himself made nearly $1.9 million in profit.
In September 2025, analysts from PeckShield recorded over 20 large-scale attacks on crypto projects with total losses of around $127 million. Among the affected platforms were UXLINK, SwissBorg, Venus, Yala, and GriffAI.
According to reports, hackers are increasingly using social engineering and new technological methods to steal crypto assets. Researchers at ReversingLabs have discovered instances of hiding malware in Ethereum smart contracts, significantly complicating its detection. A similar scheme was used during the attack on a MetaMask user who lost WLFI tokens due to an EIP-7702 exploit after the leakage of a private key. Experts do not rule out that a similar approach may have been applied to the Hyperliquid wallet.
According to Elliptic, North Korean hackers stole over $2 billion in crypto assets in 2025, nearly three times the figure for 2024. Specialists note that perpetrators are increasingly targeting private investors.
In response to the escalating threats, the analytical company TRM Labs launched the Beacon Network — the world’s first instant response system for crypto crimes. Major market players such as Binance, Coinbase, and PayPal have already joined the initiative.