A Hyperliquid user operating wallet address 0x0cdC…E955 has lost $21 million worth of crypto to hackers, following a private key breach. Blockchain security specialists at PeckShield tracked the movement of stolen assets through on-chain analysis, revealing that the attackers quickly moved to transfer the compromised funds to the Ethereum network. The stolen haul included approximately 17.75 million DAI tokens and 3.11 million MSYRUPUSDP tokens. PeckShield’s investigation included visual evidence in the form of screenshots that map out various wallet addresses implicated in the theft. #PeckShieldAlert A victim 0x0cdC…E955 lost ~$21M worth of cryptos on #Hyperliquid due to a private key leak. The hacker has bridged the stolen funds to #Ethereum , including 17.75M $DAI & 3.11M $MSYRUPUSDP . pic.twitter.com/yZUMM6xL5f — PeckShieldAlert (@PeckShieldAlert) October 10, 2025 The data shows a clear trail of stolen tokens being systematically transferred and redistributed through Monero dark pool . This methodology closely mirrors the tactics employed by cybercriminals in previous high-profile cryptocurrency thefts. $16M Long Trade Close Links to the Hyperliquid Private Key Breach A mysterious aspect of the hacking incident involves the timing of certain trading activities. Precisely when PeckShield issued its initial alert about the breach, trading records show that a Hyperliquid account executed a closure of a HYPE long position valued at $16 million. Source: Hypurrscan This same account also liquidated 100,000 HYPE coins, converting them into $4.4 million. Researchers at MLM conducted an analysis of transaction records from Hypurrscan and have put forward the theory that this trading account likely belongs to the compromised user. Their reasoning centers on the observation that these newly acquired assets were converted into the stablecoins USDC and DAI, then dispersed across numerous wallet addresses spanning both the Ethereum and Arbitrum blockchain networks. This transaction pattern correlates closely with the movement data that PeckShield documented through Etherscan . The scope of the attack wasn’t limited to assets held directly on the Hyperliquid platform. Investigation findings reveal that the attacker also successfully extracted $3.1 million from the Plasma Syrup Vault liquidity pool. Source: Etherscan These funds, denominated in MSYRUPUSDP tokens, were immediately relocated to a freshly created wallet address. Luke Cannon, a prominent voice on X (formerly Twitter), has suggested that the victim’s losses may be even more extensive. According to Cannon’s analysis , an additional $300,000 may have been drained from associated wallet addresses that the hacker managed to compromise. Similar Hacking Incidents On Hyperliquid Paint a Troubling Picture Another Hyperliquid user shared that he lost $700k in HYPE in a similar incident last month. According to him, he’s not sure how he was hacked, “No malware, no discord chats, no TG calls, no email download,” he added. Lost 700k in hype in a similar incident last month. Not sure how they hacked. No malware, no discord chats, no TG calls, no email download. — BRVX (@TradeThreads) October 9, 2025 He believes the hack was most likely achieved through Windows malware, as he hadn’t touched crypto wallets in a week prior to the hack and had gotten a new MacBook, too, but the wallet wasn’t set up on it. Unlike smart contract bugs or exchange exploits, this attack happened because of a private key leak. That means the attacker gained direct access to the wallet’s login credentials. Such leaks often occur due to phishing links, malware, or unsafe key storage. Security experts have long warned that high-value accounts should always use cold wallets or multi-signature protection to prevent such incidents. Blockstream issued an urgent security alert warning users about a sophisticated phishing campaign targeting Jade hardware wallet owners through fake firmware update emails. #Phishing #Crypto https://t.co/QQMYA4Ezrm — Cryptonews.com (@cryptonews) September 13, 2025 But it seems users continue to fall victim to these exploits. A Pattern of Private Key Breaches Just a few weeks ago, SFUND, the official token of Seedify, plummeted by 99% after North Korean hackers extracted $1.2 million from the DAO launchpad by gaining access to a Seedify developer’s private keys. Similarly, in September, a user of the Venus lending protocol on BNB Chain lost assets worth about $27 million due to a private key breach . According to a report by blockchain security firm CertiK, last year alone saw a loss of $2.36 billion in total across 760 on-chain security incidents. A whopping $1.05 billion was lost to private key breaches through over 296 incidents, accounting for 39% of the total number of attacks suffered in crypto. Source: Certik Private key breach through phishing is popular due to its simplicity and effectiveness, the report says. It is less about technological defenses and more about human vulnerability. Blockchain transactions make phishing “particularly devastating” as they are irreversible. It’s also observed that Ethereum saw the most security incidents overall, with 403 of the total 760 hacks , scams, and exploits, followed by Binance Smart Chain (BSC), the second-most targeted chain when it comes to phishing scams. Source: Certik But now it seems Hyperliquid, as a result of its decentralized nature, is also getting into the mix for hackers and bad actors. The post Hyperliquid User Loses $21 Million to Hackers After Private Key Breach appeared first on Cryptonews .
