On Thursday, a user of the decentralized trading platform Hyperliquid suffered a loss of approximately $21 million due to a private key leak, which the attacker further exploited through the Hyperdrive lending protocol.
Blockchain security company PeckShield reported that the attacker stole 17.75 million DAI and 3.11 million SyrupUSDC, a derivative stablecoin from the Hyperdrive protocol. The attacker then transferred the funds across chains to Ethereum.
PeckShield has not yet confirmed the specific cause of the private key leak.
The attack came as the Hyperliquid platform was growing rapidly, attracting significant attention with a points reward program aimed at enhancing liquidity and user engagement. Recently, the platform conducted large-scale airdrops to over 94,000 addresses.
According to data from DeFiLlama, the platform's trading volume has exceeded $3.5 billion in the past week.
Decentralized exchanges remain active, and a familiar concern about user asset security has resurfaced: how can assets be kept safe in an ecosystem built on self-custody and smart contracts?
While the cause of Thursday's attack is still under investigation, security analysts point out that users of decentralized exchanges can take several measures to reduce risk.
DEXs like Hyperliquid give traders full control over their crypto assets, but they also leave users responsible for keeping those assets safe. Experts recommend using a "hot wallet" for daily transactions and a "cold wallet" for long-term storage, so that the vast majority of funds stay offline and away from online risks.
Traders should keep only a small amount of assets in the wallet connected to the DEX, to limit losses if a private key leaks or the wallet interacts with a malicious smart contract.
To prevent private keys from being exploited, Hyperliquid users should avoid exposing their private keys or recovery phrases at every stage, including when configuring API wallets. Hyperliquid's official documentation also clearly warns: "Do not share your private key with anyone."
Users should also be vigilant against fake authorization pages and against customer service messages that impersonate official channels on platforms like Telegram and Discord, to prevent credential theft.
After the Hyperliquid attack, cryptocurrency exchange MEXC advised users to "check their holdings and authorization status through a blockchain explorer." MEXC also noted that attacks often occur when traders grant excessive permissions to DeFi protocols.
Security experts recommend that users regularly utilize Etherscan's token authorization management feature or other on-chain tools to proactively review and revoke unnecessary authorization permissions.
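The approval review described above can also be done from raw event logs. The following is an added example, not code from the article or from any of the projects it names: it replays ERC-20 `Approval` logs, in the hex-string shape returned by the standard `eth_getLogs` JSON-RPC call, and lists the allowances a wallet still has outstanding. The addresses, amounts and helper names are constructed for illustration.

```python
# Added example: replay ERC-20 Approval logs to list allowances that are still live.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the common "infinite approval" value

def _addr(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def _pad(addr):
    return "0x" + addr[2:].lower().rjust(64, "0")

def live_approvals(logs, owner):
    """Return {(token, spender): last approved amount} for `owner`, revocations removed."""
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        t = log["topics"]
        # ERC-721 Approval shares this topic0 but has 4 topics; only ERC-20 is handled.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC or _addr(t[1]) != owner.lower():
            continue
        key = (log["address"].lower(), _addr(t[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)  # approve(spender, 0) revokes
        else:
            state[key] = amount
    return state

def flag_unlimited(state):
    """Approvals to review first: the spender may move the owner's whole balance."""
    return sorted(k for k, v in state.items() if v == UNLIMITED)

# Constructed sample data: addresses and amounts are made up for illustration.
OWNER = "0x" + "11" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
SPENDER_X, SPENDER_Y = "0x" + "c1" * 20, "0x" + "c2" * 20

def _log(token, spender, amount, block, index, owner=OWNER):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(index),
            "topics": [APPROVAL_TOPIC, _pad(owner), _pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [
    _log(TOKEN_A, SPENDER_X, UNLIMITED, 100, 0),
    _log(TOKEN_B, SPENDER_Y, 5 * 10**18, 101, 2),
    _log(TOKEN_A, SPENDER_Y, UNLIMITED, 102, 1),
    _log(TOKEN_A, SPENDER_Y, 0, 150, 0),                         # later revoked
    _log(TOKEN_A, SPENDER_X, 7, 90, 0, owner="0x" + "22" * 20),  # another wallet's approval
]
```

The replayed value is the last amount approved, not the remaining allowance, so confirm each entry with the token's `allowance(owner, spender)` call before deciding what to revoke.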
Original article: “Traders Lose $21 Million on Hyperliquid Due to Private Key Leak: How to Ensure Security”