1 hour ago
1
HypurrFi has warned users not to interact with its website or lending app after reporting a possible domain hijacking.
Summary
- HypurrFi warned users to avoid its app after reporting a possible domain compromise Friday.
- The team said user funds remain safe while it investigates the suspected hijacking incident.
- Frontend attacks remain a crypto risk because compromised domains can trick users into signing transactions.
The incident has raised fresh concern over frontend attacks in decentralized finance, even when onchain systems remain intact.
HypurrFi said it is investigating a possible compromise involving its domain. The team asked users to avoid the website and the lending protocol until it shares a new update.
Founder androolloyd posted on X, “Do NOT USE THE HYPURR .FI domain, it is compromised.” The team later repeated that warning and told users not to interact with the app until further notice.
HypurrFi also said there is no current sign of risk to user funds. It added that its social media accounts remain under team control during the investigation.
The warning focused on the website and user access point rather than the protocol’s core contracts. That distinction is common in cases where attackers target frontend systems instead of onchain code.
HypurrFi operates as a DeFi lending and borrowing protocol on HyperEVM. HyperEVM is the EVM-compatible network linked to Hyperliquid’s trading ecosystem.
The protocol has about $30 million in total value locked, based on DefiLlama data. That made the warning more urgent for users who may still try to access the platform through the compromised domain.
The team did not provide details on how the hijacking may have happened. It also did not say when the site would return to normal use.
For now, the main message from the project remains clear. Users should avoid the domain and wait for an official notice before reconnecting wallets or signing any transaction requests.
Domain hijacking remains a known crypto risk
Domain hijacking has become a recurring issue across the crypto sector. These attacks often target a project’s website and user interface instead of its smart contracts.
Once attackers control a domain, they can place wallet drainers or other malicious prompts on the site. This method can affect users even when the underlying protocol has passed security reviews.
A similar case affected the BONKfun domain last month. That incident added to a growing list of attacks that use fake or compromised frontends to reach users.
English (US) · 