Meet the Top 101 in Crypto
Security
3 min read

ZachXBT Flags $400K Exploit: Hypurr NFTs Drained From Compromised HyperEVM Wallets

Published 29 September 2025
James Morales
Authors
Key Takeaways
  • On Sunday, early adopters of Hyperliquid were airdropped a collection of 4,600 “Hypurr” NFTs.
  • Some NFTs prized for their rare traits have exchanged hands for six-figure sums.
  • A malicious actor identified by ZachXBT stole eight Hypurr NFTs, which they sold for $400,000.

On Sunday, Sept. 28, the Hyper Foundation airdropped a collection of cat-themed “Hypurr” NFTs to early Hyperliquid users, which were soon swapping hands for six-figure sums. But it didn’t take long before malicious actors took advantage of the NFT craze.

In a heist uncovered by ZachXBT, eight Hypurr NFTs were lifted from compromised wallets, netting the cat burglar a $400,000 profit.

New Trending Crypto Wallet Offers
Sponsored
Disclosure
Opened in 2018
Promotions
Trusted, Secure & Crypto Friendly
Coins
Bitcoin Ethereum Tether Wrapped BNB USD Coin +87
Opened in 2017
Promotions
Receive Up to $10 in BTC when you buy and activate a Tangem Wallet.
Coins
Bitcoin Ethereum Tether Wrapped BNB Solana +68
Show More

Hyperliquid Airdrops Viral NFT Collection

The Hyper Foundation has been teasing an NFT drop ever since last year’s initial HYPE distribution.

In less than 24 hours, Hypurr NFTs have amassed a trading volume of around 1.3 million HYPE, or more than $62 million.

At the time of writing, the collection of 4,600 feline characters had a floor price of 1,595 HYPE ($76,000).

In the collection of 4,600 feline characters, some of the rarest traits are only attributed to a single Hypurr, making them extremely sought after in an NFT market that values scarcity above all else.

Hypurr #21, which sold for 9,999 HYPE ($477,000), currently ranks as the most expensive.

One of the rarest items in the collection with six unique traits, Hypurr #22, is listed for 222,700 HYPE, or $10.4 million.

HyperEVM Wallets Compromised

While many airdrop recipients were celebrating their luck at landing a prized NFT, ZachXBT highlighted a malicious HyperEVM address that received and quickly flipped stolen Hypurrs.

While Hyperliquid has a separate exchange layer that utilizes off-chain wallets, these do not support NFTs, which are built on an Ethereum token standard.

For smart contract functionality, Hyperliquid runs HyperEVM—an Ethereum-like chain that functions as an execution layer. HYPE itself exists as both a native balance on the exchange layer, and as an ERC-20 token on HyperEVM.

This bilayered platform design boosts the efficiency of Hyperliquid’s decentralized perpetual futures exchange. However, the EVM component introduces the same vulnerabilities that plague Externally Owned Accounts (EOAs) on Ethereum.

In the case of the stolen Hypurr NFTs, it isn’t clear exactly how the wallet keys were compromised. Common attack vectors include phishing scams and malicious contracts, malware, key loggers, and insecure storage.

James Morales

James Morales is CCN’s blockchain and crypto policy reporter. He has been working in the news media since 2020, writing about topics such as payments, banking and financial technology. These days, he likes to explore the latest blockchain innovations and the evolving landscape of global crypto regulation.

With an educational background in social anthropology and media studies, James uses his platform as a journalist to explore how new technologies work, why they matter and how they might shape our future.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status