On Thursday, a single user on the decentralized trade platform Hyperliquid lost nearly $ 21 million after a private key leaks that led to an exploitation involving the platform’s hyperdrive lending protocol.
According to Blockchain Security Company Peckshield, the attack target 17.75 million DAI (Dai) and 3.11 million syrupusdc, a synthetic version of the USDC Stablecoin used within Hyperdrive, and subsequently killed stolen funds in Ethereum.
Peckshield did not confirm how the private key was compromised.
Exploitation comes in the middle Rapid growth for hyperliquidwhich attracts significant attention due to the points -based rewards program designed to boost the user’s liquidity and participation. The program recently ended with a major airdrop with more than 94,000 addresses.
Just last week, the platform processes more than $ 3.5 billion in trading volume, according to data from Defillama.
However, as decentralized exchanges (DEX) continue to experience a modified activity, the incident emphasizes a familiar question: How can users remain safe in an ecosystem developed in self-custody and intelligent contracts?
Related: As US Bitcoin Reserve Stalls, the chainalysis flags $ 75B in seizable crypto
How traders can stay protected
While the cause of the exploitation on Thursday remains under the investigation, security analysts emphasize that decentralized users can take a lot of caution to reduce risk.
DEXs like Hyperliquid provide entrepreneurs with full care of their crypto assets, but this control also means that they have full responsibility for securing them. Experts recommend maintaining a “Hot” purse for active trading And a “cold” purse for long -term storage, ensuring that most funds remain offline and not reach online threats.
Only a small portion of the property of an entrepreneur should remain in purses connected to the Dex to limit potential losses in case of a private key compromise or malicious intelligent contract.
Related: Hardware compared to software wallets: major differences
To protect against private major exploits, hyperliquid users should not share their private keys or seed phrases, even with the applause of the API purse. The official hyperliquid documentation is clearly Warning: “Don’t share your private key with anyone.”
Users should also be careful with fake “permissions” pages or support messages on platforms such as Telegram or Discord, which often pretends to official staff to steal credentials.
At the end of hyperliquid exploitation, the crypto exchange mexc Pinuineuhan Users who “check positions and approves to a block explorer,” that mention that exploitation often occurs when entrepreneurs give excessive permission to defi protocols.
Security experts recommend regularly reviewing and retrieving unnecessary permissions using tools such as Ethercan token approved feature or similar onchain management platforms.
Related: Crypto hack losses dropped by 37% in Q3 as tactics moved into purses
