Key Highlights
- HypurrFi has identified a potential domain hijack and advised users to avoid its website and app.
- The team said there is no evidence of risk to user funds.
- The incident highlights ongoing risks in the sector despite secure on-chain systems.
HypurrFi has warned users not to interact with its website or lending platform after detecting a potential domain hijack, pointing to an off-chain vulnerability in decentralized finance.
The warning was issued on April 3 via an X post shared by the project’s founder, Androolloyd, who said the platform’s primary domain had been compromised. “DO NOT USE the Hypurr.fi domain; it is compromised,” the founder stated.
No immediate evidence of smart contract risk
Despite the attack, the team said there is currently no evidence of risk to users and that its smart contracts and underlying protocol are still safe. HypurFi also confirmed that its official social media handles are still under control, suppressing the chances of further misinformation spreading via hijacked accounts.
However, users are advised not to interact with the platform’s interface until further notice, as attackers could use the compromised domain to redirect users to malicious sites.
Understanding the attack
Domain hijacking can occur when attackers have control over a website’s domain settings, permitting them to alter DNS records or redirect traffic. In the crypto industry, attacks like these are dangerous because they can mimic legitimate interfaces, resulting in tricking users.
HypurrFi works as a decentralized lending and borrowing protocol made on HyperEVM, an EVM-compatible layer linked with the Hyperliquid ecosystem.
Frontend attacks on crypto protocols
The HypurrFi incident is part of a growing pattern of frontend and domain-level attacks in crypto, where attackers target web infrastructure instead of directly exploiting smart contracts.
A recent example is Bonk.fun, whose domain was hijacked in March 2026 and used to push a wallet-drainer prompt that tricked some users into signing malicious approvals. Another case involved Curve Finance, which said its curve.fi domain was hijacked in May 2025 through a registrar-level DNS attack that redirected users to a fake website while its contracts and data remained uncompromised.
While no funds have been reported lost in the HypurrFi incident, other recent attacks have resulted in significant losses. A Solana-based decentralized exchange, Drift Protocol, was exploited, leading to losses of around $270 million in digital assets. The attack was linked to two compromised signers on Drift’s admin multisig.
The signers were used to perform a transaction modifying Drift’s program configuration. It is also speculated that the attack was performed by the famous Lazrous group from North Korea.
What comes ahead
HypurrFi has not given a timeline for resolution but has assured that it is actively investigating the incident. The team is anticipated to share updates after the domain is fixed and becomes safe and secure for use.
As of now, the incident acts as another reminder for users to verify URLs again and again and avoid interacting with platforms at the time of security alerts, mainly in an environment where even minor lapses can result in significant losses.
Also Read: BlackRock Takes on Binance as Bitcoin Trading Shifts to ETFs