On November 7, ZachXBT, a well-known on-chain investigator, alerted the community about the presence of a fraudulent Hyperliquid application on the Google Play Store. This discovery has ignited warnings regarding potential scams targeting users of the rapidly evolving decentralized exchange.
Since its launch in late 2023, Hyperliquid has achieved significant growth, amassing over $4.74 billion in total value locked (TVL). However, this swift ascent has drawn the attention of malicious actors, resulting in numerous security challenges. The platform has endured substantial losses due to phishing schemes, direct exploits, and deceptive token offerings.
One of the more notable incidents occurred in December 2024 when Taylor Monahan, a security researcher from MetaMask, issued a warning about the Lazarus Group, a North Korean state-sponsored hacking organization. The group had reportedly begun probing Hyperliquid since October, using known wallets to conduct reconnaissance in preparation for potential future exploits. This revelation raised alarm bells regarding the platform”s vulnerability, especially considering its limited number of validators, which led to a historic $249 million withdrawal in a single day and a significant drop in the platform”s token price.
Further investigations revealed that by March 2025, Chinese authorities had confirmed three separate money laundering cases linked to Hyperliquid, validating concerns regarding its use in illicit fund transfers. In May 2024, users were tricked by fake airdrop sites into signing harmful smart contracts, resulting in irreversible losses from their digital wallets. By January 2025, scams involving Hyperliquid Wallet Connections proliferated through compromised social media accounts and fraudulent advertisements on Google, impersonating the official platform to extract wallet access permissions. This wave of deceit was part of a larger trend that led to losses nearing $500 million across similar schemes that year.
A sophisticated phishing attack in June 2025 allowed hackers to gain control over user addresses by transferring them to multisignature wallets under their control, ultimately compromising all assets, including staked HYPE tokens. Deddy Lavid, CEO of Cyvers, noted that a theft amounting to $21 million appeared to stem from a private key leak, indicating that the attacker had complete control over the compromised wallet without the involvement of a smart contract exploit. “Private keys often get leaked through phishing sites, malware-infected devices, or unencrypted seed phrases stored in the cloud or as screenshots,” Lavid explained. He advised users to adopt hardware wallets, refrain from entering or pasting keys online, and ensure that backups are stored offline and encrypted.
In 2025, the scale of cyberattacks on cryptocurrency platforms surged, surpassing the total losses recorded in all of 2024. Over $2.17 billion has been stolen from services, primarily due to a staggering $1.5 billion theft from ByBit, attributed to North Korean hackers. This incident now holds the record as the largest hack in cryptocurrency history. By mid-year, the total value stolen was already 17% higher than what was recorded in 2022, the previous worst year for crypto thefts. If this trend continues, losses from services could exceed $4 billion by the end of the year. The shift in attack patterns this year has seen a notable increase in attacks targeting individual users rather than solely large services, with personal wallet compromises accounting for nearly a quarter of all stolen funds.
