In a heist uncovered by ZachXBT, eight “Hypurr” NFTs were lifted from compromised wallets, netting the cat burglar a $400,000 profit. | Credit:Matt Cardy/Getty Images.
On Sunday, Sept. 28, the Hyper Foundation airdropped a collection of cat-themed “Hypurr” NFTs to early Hyperliquid users, which were soon swapping hands for six-figure sums. But it didn’t take long before malicious actors took advantage of the NFT craze.
In a heist uncovered by ZachXBT, eight Hypurr NFTs were lifted from compromised wallets, netting the cat burglar a $400,000 profit.
The Hyper Foundation has been teasing an NFT drop ever since last year’s initial HYPE distribution.
In less than 24 hours, Hypurr NFTs have amassed a trading volume of around 1.3 million HYPE, or more than $62 million.
At the time of writing, the collection of 4,600 feline characters had a floor price of 1,595 HYPE ($76,000).
In the collection of 4,600 feline characters, some of the rarest traits are only attributed to a single Hypurr, making them extremely sought after in an NFT market that values scarcity above all else.
Hypurr #21, which sold for 9,999 HYPE ($477,000), currently ranks as the most expensive.
One of the rarest items in the collection with six unique traits, Hypurr #22, is listed for 222,700 HYPE, or $10.4 million.
While many airdrop recipients were celebrating their luck at landing a prized NFT, ZachXBT highlighted a malicious HyperEVM address that received and quickly flipped stolen Hypurrs.
While Hyperliquid has a separate exchange layer that utilizes off-chain wallets, these do not support NFTs, which are built on an Ethereum token standard.
For smart contract functionality, Hyperliquid runs HyperEVM—an Ethereum-like chain that functions as an execution layer. HYPE itself exists as both a native balance on the exchange layer, and as an ERC-20 token on HyperEVM.
This bilayered platform design boosts the efficiency of Hyperliquid’s decentralized perpetual futures exchange. However, the EVM component introduces the same vulnerabilities that plague Externally Owned Accounts (EOAs) on Ethereum.
In the case of the stolen Hypurr NFTs, it isn’t clear exactly how the wallet keys were compromised. Common attack vectors include phishing scams and malicious contracts, malware, key loggers, and insecure storage.
ZachXBT Flags $400K Exploit: Hypurr NFTs Drained From Compromised HyperEVM Wallets – CCN.com
