On April 3, 2026, HypurrFi, a DeFi lending and borrowing protocol on Hyperliquid’s HyperEVM, alerted users not to interact with its website or app after discovering a potential domain hijacking of hypurr.fi, per. Founder androolloyd posted on X: “Do NOT USE THE HYPURR .FI domain, it is compromised,” per. The team confirmed no risk to user funds and that social media channels remain under control, but advised users to avoid the app until further notice, per.
HypurrFi has approximately $30 million in total value locked (TVL), according to DefiLlama, per. The platform allows lending and borrowing on Hyperliquid’s high-performance blockchain for perpetuals trading, per. Domain hijackings are a recurring issue in crypto, often used to deploy wallet drainers or inject malicious code, bypassing even well-audited smart contracts, per. A similar attack hit BONKfun last month, per. The team is actively investigating the breach, per.
Attackers frequently target project frontends to trick users into approving malicious transactions, even when the underlying on-chain protocol is secure, per. This method exploits user trust in familiar domains without needing to compromise the smart contracts themselves, per. HypurrFi’s quick response and clear warning aim to protect its community while the investigation continues, per. Users should rely only on official social media for updates, per.
Users should avoid the hypurr.fi domain entirely and monitor official X accounts for recovery announcements, per. For DeFi exposure, consider protocols with strong security track records and multi-signature or decentralized governance, per. Bitcoin (BTC) and Ethereum (ETH) remain stable amid broader market movements, but such incidents highlight the importance of verifying URLs and using hardware wallets, per. Follow trusted sources like The Block for security updates, per
