The cryptocurrency community is once again in shock: unknown hackers have stolen over $20 million from a user’s wallet associated with the Hyperliquid platform. The key reason for the incident was the compromise of the account owner’s private key.
This is reported by Business • Media
Details of the Attack and the Actions of the Perpetrators
According to information from the user known as mlmabc, the criminals gained access to the private key, allowing them to withdraw all assets from the Hyperliquid account. As a result, approximately $17 million was lost from the exchange account, along with another $3.1 million that was held in the Plasma Syrup Vault. Prior to the hack, the user closed a long position of $16 million in HYPE tokens and sold 100,000 HYPE for $4.4 million. After that, the account was completely cleared of assets.
“The reason seems to be that his private key was compromised – resulting in a total wipeout: roughly $17M lost from his Hyperliquid account and another $3.1M that was…”
All assets after the hack were transferred to a wallet with the address 0xF4bE227b268e191b79097Daad0AcCcD9a7A7FAD2. Subsequently, the stolen USDC was exchanged for DAI, and the received funds were split between two new wallets. Another $3.11 million in MSYRUPUSDP was also transferred to a different address.
Wave of Attacks on the Crypto Market and New Hacking Schemes
Such incidents are not new for Hyperliquid. In March 2025, due to a whale transaction on Ethereum exceeding $335 million, the platform suffered losses of $4 million in a single day, while the trader made a profit of nearly $1.9 million.
Additionally, in September 2025, analysts from PeckShield recorded over 20 large-scale attacks on crypto projects, including UXLINK, SwissBorg, Venus, Yala, and GriffAI. Total losses at that time reached approximately $127 million.
Experts note that hackers are increasingly using social engineering and new technical methods to steal crypto assets. For instance, researchers from ReversingLabs discovered instances where malware was hidden in Ethereum smart contracts, complicating its identification.
Recently, attacks exploiting private key leaks have also been recorded. One MetaMask user lost WLFI tokens due to an attack using the EIP-7702 exploit—a similar method was likely employed this time during the Hyperliquid hack.
According to Elliptic, in 2025, North Korean hackers seized over $2 billion in crypto assets, nearly three times more than in 2024. Experts emphasize that “malicious actors are increasingly targeting private investors.”
To enhance security, the analytics firm TRM Labs announced the launch of Beacon Network—the world’s first instant response system for crypto crimes. Major market players such as Binance, Coinbase, and PayPal have already joined this initiative.