Hyperliquid Vault Drained: $29M Vanishes Without User Approval

Another day, another crypto heist—except this time, the vault opened itself.

Hyperliquid users woke up to a $29 million surprise withdrawal, executed without their consent. The platform's security protocols? Apparently more suggestion than rule.

How it happened: The usual suspects (smart contract flaw? admin override?) remain at large. Meanwhile, the 'decentralized' finance space proves yet again that someone always has a backdoor key.

Silver lining? At least it wasn't a 'rug pull'—just your garden-variety nine-figure oopsie. Maybe next time try a vault that, you know, locks.

Community Flags Unauthorized Fund Use

Cain O’Sullivan, a developer with Hyperdrive, raised concerns on X, warning that the HLP0 multi-sig can move user deposits at its own discretion. “This WOULD be great if it was still earning from HLP,” he said, “but the liquidity has been pulled and is now farming yield elsewhere.” He emphasized the risks involved with trusting multi-sig-based systems.

Hyperdrive plans to issue its own tokenized HLP solution once native USDC becomes available on Hyperliquid’s HyperEVM infrastructure.

Team Responds: “Old Model No Longer Relevant”

In response, HLP0 lead developer “GigaSafu” addressed the situation on Discord, stating that Hyperliquid’s introduction of native USDC has made the vault’s original mechanics obsolete. Instead of depositing into HLP, the team has redirected funds toward strategies they claim offer better returns.

According to GigaSafu, minting via Arbitrum allowed for zero-slippage 1:1 deposits, which wasn’t possible through most native wrappers. However, now that native USDC is set to arrive on HyperEVM, minting directly to Hyperliquid is considered more financially efficient.

He argued that by leveraging idle capital into DeFi strategies like arbitrage, automated market operations (AMO), and protocol bribes, HLP0 can outperform standard HLP APR rates.

Dual Vault System Proposed

To address the controversy, the team is proposing a dual-token system:

• HLP0 will become a permissionless, decentralized wrapper for HLP, integrated with Hyperliquid’s CoreWriter and native USDC CCTP mints.

• HLP0+ will operate similarly to the current structure, where the vault manager uses idle capital for discretionary yield farming across chains.

GigaSafu assured users that the vault is currently overcollateralized and offered to immediately redeem HLP0 tokens for any holder who disagrees with the team’s direction. “We are not only fully backed but overbacked right now,” he wrote.

USDC CCTP to Bring Frictionless Transfers

The team is awaiting the rollout of USDC CCTP v2, which will enable seamless USDC transfers between Hyperliquid and other integrated chains. This update is expected to remove the current reliance on bridge-based multi-sig vaults, enhancing both security and user autonomy.

While Circle has not confirmed a specific release date for native USDC support on Hyperliquid, it is listed as “coming soon.”

No Withdrawals Yet

Despite the backlash, HLP0’s total TVL has remained unchanged as of today, with no confirmed user redemptions, according to DeFiLlama. The situation remains fluid as users consider whether to stay in the current system or seek alternatives.

Conclusion

Chainlink’s significant increase in reserve balances signals growing confidence among investors and network participants. As more LINK tokens are held in reserve rather than being moved or sold, it suggests long-term commitment to the protocol’s future. This trend, coupled with Chainlink’s expanding role in powering smart contract ecosystems and real-world data integration, positions LINK as a critical asset in the broader blockchain space. If the reserve accumulation continues, it could serve as a bullish signal for the token’s future price trajectory and adoption rate