A Hyperliquid user has reportedly lost $21 million in digital assets after a private key leak, according to blockchain security firm PeckShield.
The victim’s wallet, identified as 0x0cdC, was drained of 17.75 million DAI and 3.11 million MSYRUPUSDP tokens. The attacker has bridged the funds to Ethereum, where they remain under active monitoring.
The exploit does not seem to be a protocol‑level breach but a compromise of user credentials, renewing debate over self‑custody risks and key management. While Hyperliquid itself remains operational, the incident underscores how a single user error can have multimillion‑dollar consequences on decentralized platforms.
Broader pattern of exploitation
The hack comes amid a broader rise in scams targeting retail crypto users. Fake apps posing as trusted Web3 platforms trick users into entering private keys or linking wallets, after which funds are drained instantly. Researchers say scammers now buy verified Apple developer accounts, rebrand them, and weaponize user trust in “official” stores.
As The CryptoTimes reported yesterday, on October 9, two victims reportedly lost $28,000 to fake crypto trading apps listed on Apple’s App Store.
The expanding risk surface in crypto
The Hyperliquid theft and the fake‑app scams reflect a shared vulnerability: user complacency in managing private data. As DeFi platforms and crypto wallets scale, the complexity of personal custody creates opportunities for bad actors to exploit gaps in user understanding.
Experts warn that decentralization kills middlemen but dumps all risk on users: one lost key or fake app can wipe everything. These incidents expose a core dilemma in crypto: trust without accountability. As scams evolve from phishing sites to verified app stores, this incident shows it’s not the code but the human layer that fails.

