Finst

Fake HyperSwap Airdrop Drains User of $12,300 in 84 Seconds

The attack used a fake X airdrop and a single wallet approval on HyperSwap to drain the position, convert it to HYPE, and move the funds to Ethereum.

Fake HyperSwap Airdrop Drains User of $12,300 in 84 Seconds

Key Takeaways

  • A HyperSwap user lost about $12,300 after clicking a fake airdrop on X and approving one wallet request.
  • Within 84 seconds, a scammer took over the position, drained the funds, converted them to HYPE, and sent the money to Ethereum.
  • The incident shows how fast phishing can move in DeFi and how one signature can be enough to hand over access.

A HyperSwap user lost about $12,300 (€10,800) after clicking on a fake airdrop on X and approving a single wallet request. In just 84 seconds, a scammer had taken over the position, emptied the funds, converted them into HYPE, and moved the money to Ethereum. The case is a sharp reminder of how fast a phishing attack can spread through a DeFi environment, especially when one signature is enough to unlock access to a position.

How the Attack Worked

Based on a reconstruction from public blockchain data, the attack began with a fake X account pushing an airdrop. The victim was using HyperSwap, a crypto exchange built on the Hyperliquid blockchain, and had deposited funds into a liquidity pool. In exchange, he could earn trading fees, while his position on HyperSwap V3 was tracked as NFT #178549.

That NFT was not a collectible. It was a digital receipt that represented the underlying position, and whoever controlled it also controlled the associated funds. Once the user approved one wallet request, the attacker gained that control and was able to drain the position.

Why This Matters

The incident is part of a wider wave of phishing and scam campaigns targeting DeFi and social media users. That trend is not new: a recent study on crypto fraud losses found that impersonation and other scams are becoming harder to stop before victims send money. Earlier research also showed that a large share of promoted NFT projects on Twitter turned out to be fraudulent, while DeFi users reported a combined $1.95 billion (€1.7 billion) in losses from scams and hacks in 2023. For European crypto users, that makes this kind of attack especially relevant, since it often starts not onchain, but with what looks like a harmless post or giveaway.

For anyone using wallets and decentralized exchanges, the main lesson is simple: pay close attention to what you are approving. In this case, no major technical hack was needed, only a mix of social engineering and one rushed signature.


Disclaimer: This content is for informational purposes only and does not constitute financial, investment, legal, or tax advice. The information provided may be incomplete, inaccurate, or outdated and should not be relied upon as such. Nothing on this website should be considered a recommendation to buy, sell, or hold any cryptocurrency. Investing in crypto-assets involves risk of loss.