risky
Hyperliquid Phishing Attack Compromises 1,200+ Accounts
Over the past two months, Hyperliquid has experienced a security incident involving over 1,200 compromised addresses due to a phishing operation. The attack exploits a malicious signature to convert a user's externally owned account (EOA) into a unique multisignature contract, where the attacker gains exclusive signing rights. This conversion occurs instantly, allowing the attacker to fully control the victim’s HyperCore assets, including unstaking HYPE tokens and withdrawing after the stipulated 7-day unbonding period. As multisigs are a fundamental feature of HyperCore, the vulnerability is confined to this platform and does not impact assets on HyperEVM, nor does it stem from a protocol flaw or smart contract bug. Instead, it highlights a susceptibility within the multisig design that can be exploited through phishing tactics.
Source available for registered users Sign Up Free
AI Analysis
The recent incident involving Hyperliquid underscores an important vulnerability associated with multisignature (multisig) setups, despite their widespread use as a security feature in blockchain plat...
AI Recommendation
Investors and users currently exposed to Hyperliquid should exercise caution and review their account activity and security settings. It would be wise to enable multi-factor authentication where possi...
Disclaimer
The AI analysis and recommendations provided are for informational purposes only. Any investment decisions should be made at your own risk. Past performance is not indicative of future results. Always conduct your own research and consider consulting with a financial advisor before making any investment decisions.
You might also be interested in:
top pick
hold
strong buy
comment