A Hyperliquid user with the wallet address 0x0cdC…E955 lost $21 million in cryptocurrency to hackers after their private key was compromised.
Experts in blockchain security at PeckShield followed the path of stolen assets using on-chain analysis. They found that the attackers quickly transferred the stolen money to the Ethereum network.
The stolen items included about 17. 75 million DAI tokens and 3. 11 million MSYRUPUSDP tokens.
PeckShield looked into the theft and used pictures of wallet addresses involved to show what happened.
The information shows that stolen tokens are being moved around and shared in a planned way using a Monero dark pool. This method is very similar to what hackers have used in past famous cryptocurrency thefts.
$16 million trade closed due to the Hyperliquid private key breach
An interesting part of the hacking situation is when some trades happened.
Right when PeckShield first warned about the breach, trading records show that a Hyperliquid account closed a HYPE investment worth $16 million.
A Hyperliquid user lost $21 million to hackers because their private key was stolen.
Source: Hypurrscan
This account also sold 100,000 HYPE coins and turned them into $4. 4
Researchers at MLM looked at transaction records from Hypurrscan and they think that this trading account probably belongs to a hacked user.
They noticed that the new assets were turned into stablecoins called USDC and DAI, and then spread out to many different wallet addresses on the Ethereum and Arbitrum blockchain networks.
This pattern of transactions closely matches the movement data that PeckShield recorded using Etherscan.
The attack wasn’t just focused on the things directly on the Hyperliquid platform.
The investigation shows that the attacker took out $3. 1 million from the Plasma Syrup Vault.
A Hyperliquid user lost $21 million to hackers because their private key was stolen.
The money, represented in MSYRUPUSDP tokens, was quickly moved to a new wallet address.
Luke Cannon, a well-known person on X (previously called Twitter), has said that the victim’s losses might be even larger than expected.
Cannon’s analysis shows that the hacker may have taken an extra $300,000 from related wallet addresses they got into.
Similar hacking events on Hyperliquid show a worrying trend
Another Hyperliquid user said he lost $700,000 in HYPE in a similar situation last month.
He said he doesn’t know how he got hacked. He mentioned there was no malware, no chats on Discord, no calls on Telegram, and no email downloads.
He thinks the hack probably happened because of malware on Windows. He hadn’t used his crypto wallets for a week before the hack, and he also got a new MacBook, but the wallet wasn’t set up on it.
This attack happened because a private key was leaked, not because of smart contract problems or issues with exchanges.
This means the attacker got the login information for the wallet. These leaks usually happen because of fake links, harmful software, or keeping passwords in an unsafe way.
Security experts have been saying for a long time that important accounts should always use cold wallets or multi-signature setups to stop these kinds of problems.
But it looks like people keep getting tricked by these scams.
A Trend of Lost Private Keys
A few weeks ago, the official token of Seedify called SFUND dropped by 99% after hackers from North Korea stole $1. 2 million from the DAO launchpad by getting into a Seedify developer’s private keys.
In September, a user of the Venus lending platform on BNB Chain lost around $27 million because someone gained access to their private key.
A report from the security company CertiK says that last year, people lost $2. 36 billion in 760 security problems on blockchain networks.
A huge amount of $1. 05 billion was lost due to private key breaches in more than 296 events, making up 39% of all attacks in crypto.
A Hyperliquid user lost $21 million to hackers because their private key was stolen.
The report says that stealing private keys through phishing is common because it’s easy and works well.
It’s more about how people can be weak than about technology protecting us.
Blockchain transactions are very hard to reverse, which makes phishing attacks especially harmful.
Ethereum had the most security problems, with 403 out of 760 hacks, scams, and exploits. Binance Smart Chain (BSC) had the second-highest number of phishing scams.
But now it looks like Hyperliquid, because it is decentralized, is also attracting hackers and bad people.
