Squidalik👤

⚠️ In the last 60 days, a phishing attack has compromised 1,200+ addresses on Hyperliquid The attack relies on a malicious signature that upgrades a user’s EOA into a 1-of-1 multisig contract, where the attacker becomes the sole signer This change happens instantly, granting the attacker full control over the victim’s HyperCore assets — including the ability to unstake HYPE and withdraw after the 7-day unbonding period Because multisigs are a native primitive of HyperCore, the attacker’s access is limited to HyperCore only, assets on HyperEVM remain unaffected This is not a protocol exploit or smart contract vulnerability — it is a phishing attack that abuses Hyperliquid’s multisig design

⚠️ In the last 60 days, a phishing attack has compromised 1,200+ addresses on Hyperliquid The attack relies on a malicious signature that upgrades a user’s EOA into a 1-of-1 multisig contract, where the attacker becomes the sole signer This change happens instantly, granting the attacker full control over the victim’s HyperCore assets — including the ability to unstake HYPE and withdraw after the 7-day unbonding period Because multisigs are a native primitive of HyperCore, the attacker’s access is limited to HyperCore only, assets on HyperEVM remain unaffected This is not a protocol exploit or smart contract vulnerability — it is a phishing attack that abuses Hyperliquid’s multisig design
𝕏/@lukecannon727

Comments