A compromised Twitter account tied to HyperliquidX, a major decentralized finance platform, has reignited concerns over the cybersecurity vulnerabilities plaguing the cryptocurrency industry.
The incident, disclosed by HyperliquidX on May 24, involved unauthorized access to the HyperFND Twitter account. While the Hyperliquid blockchain itself was not affected, the breach has raised alarms about phishing attacks and the growing trend of targeting social media accounts linked to high-profile Web3 projects.
“The Hyperliquid blockchain is unaffected,” the company said in a post on X, formerly Twitter, at 06:54 UTC. The platform warned users not to engage with any links or content from the compromised account.
The hack comes months after Hyperliquid reportedly experienced a $250 million outflow amid speculation about potential threats from North Korean-linked actors such as the Lazarus Group. While no evidence directly connects the Lazarus Group to the Twitter compromise, the group has a notorious history, including its alleged involvement in the $625 million Ronin Network hack in 2022.
A 2025 report from Chainalysis found that crypto-related scams and hacks fell in 2023, with scamming revenue down 29.2% and hacking revenue down 54.3%. Still, experts warned that a single large-scale attack could reverse this trend and that many incidents go unreported.
Reaction from the crypto community on X reflected both skepticism and concern. User @Spazz.hl speculated that the breach may have resulted from an internal leak, stating, “The top blockchain for finance isn’t getting their password brute forced.” Others blamed X’s security infrastructure, with @Vuk.Digital writing, “These happen so often. X should up their security standards.”
Concerns over social media security have grown as verified “gold” and “grey” accounts — symbols of credibility — have become lucrative targets. A 2024 investigation by BleepingComputer revealed a black market where such accounts are traded for $1,200 to $2,000, often used to disseminate phishing links and crypto scams.
The attack has also drawn renewed attention to SIM-swapping, a method used by hackers to reroute two-factor authentication (2FA) codes to gain access to social accounts. According to a 2024 report by Ledger, SIM-swapping surged last year. In the HyperFND incident, a suspicious post advertising a “second round of HYPE claims” appeared shortly after the hack — a likely phishing attempt quickly debunked by user @havocrypto, who noted, “It is season 3 and Jeff would never make us claim.”
While HyperliquidX was praised for its swift response, users demanded more proactive measures. “HL team goated on the quick response,” wrote @alrightbuddyHL. Others, including @Chip.hl, called on Elon Musk to enforce stronger protections such as three-factor authentication for verified users.
The timing of the breach is critical. Hyperliquid is preparing for the rollout of the $NEURAL token across both the Hyperliquid and Solana networks — a moment that community member @Hacubi warned could become another vector for scams. “Stay sharp. Hackers will use any hype to bait you,” the post read.
Analysts say the platform’s earlier $250 million outflow already strained user trust. A report by cybersecurity firm OneSafe emphasized that even perceived security lapses could drive financial instability. “Any breach or perceived weakness can trigger serious financial outflows,” the report stated.
Experts continue to recommend that users secure their assets with hardware wallets and avoid clicking unsolicited links, particularly during incidents involving account takeovers.
As Web3 adoption grows, the HyperFND hack stands as a stark reminder that even decentralized platforms remain vulnerable through centralized communication channels — and that the crypto industry still has ground to cover in securing its digital perimeter.
Join our Telegram Channel