A celebratory NFT drop by the Hyper Foundation has quickly taken a dark turn. Blockchain investigator ZachXBT has revealed that malicious actors siphoned off eight Hypurr NFTs, part of a cat-inspired collection airdropped to early Hyperliquid users, netting an illicit profit of around $400,000. The theft has raised serious concerns about wallet security in the HyperEVM ecosystem, highlighting the risks lurking beneath the hype of digital collectibles.

Hyper Foundation’s Hypurr NFTs Spark Frenzy

On September 28, the Hyper Foundation delivered on months of anticipation by airdropping 4,600 Hypurr NFTs to its community. The feline-themed assets, designed with rarity-driven traits, instantly went viral. Within 24 hours, the collection recorded a staggering 1.3 million HYPE in trading volume, equivalent to over $62 million.

Prices soared in secondary markets. The floor price climbed to 1,595 HYPE (≈$76,000), while rarities reached dizzying valuations. Hypurr #21 fetched 9,999 HYPE ($477,000), making it the most expensive to date. Even more eye-catching, Hypurr #22, featuring six unique traits, has been listed for a jaw-dropping 222,700 HYPE ($10.4 million).

The frenzy underscored how scarcity-driven speculation continues to fuel NFT markets, even amid wider doubts about the sector’s long-term resilience.

Wallet Exploit Casts Shadow on Celebration

The jubilation, however, was short-lived. Blockchain sleuth ZachXBT flagged a suspicious HyperEVM address that received stolen Hypurr NFTs and rapidly flipped them for profit. The haul, eight NFTs in total, was sold for about $400,000.

The exact method of compromise remains unclear, but the case highlights persistent attack vectors in blockchain ecosystems. Wallet key thefts can result from phishing schemes, malicious smart contracts, malware, keyloggers, or insecure storage practices.

While Hyperliquid’s exchange layer uses off-chain wallets for perpetual trading, these wallets cannot hold NFTs. Instead, Hypurr assets were stored on HyperEVM, a smart contract execution layer built on Ethereum standards. This architectural split, while boosting efficiency for trading derivatives, exposes NFT holders to the same vulnerabilities faced by Externally Owned Accounts (EOAs) on Ethereum.

The Bilayered Risk of HyperEVM

Hyperliquid’s innovation lies in its dual-layer architecture. The exchange layer handles core trading activity with native HYPE balances, while HyperEVM supports Ethereum-like functionality, including NFTs and ERC-20 tokens.

Yet, this structure inadvertently creates a paradox. While Hyperliquid’s off-chain wallets provide strong custody for exchange trading, NFT holders must rely on HyperEVM wallets, which inherit the same fragilities as Ethereum accounts. The stolen Hypurr NFTs underscore how efficiency gains can coexist with critical security trade-offs.

Security experts caution that this compromise may not be an isolated incident. As NFTs continue to intertwine with DeFi ecosystems, attackers are incentivised to exploit weak links, particularly in new or hybrid infrastructures.

What Comes Next for Hyperliquid and Holders?

The exploit has left the Hyperliquid community grappling with two pressing questions: how were the wallets compromised and what safeguards will follow? The Hyper Foundation has not yet released a formal statement, though speculation suggests that compromised private keys or phishing-related attacks played a role.

For users, the incident is a stark reminder of the importance of cold storage, multisig setups and vigilance against phishing attempts. For the Hyper Foundation, it is a test of transparency and resilience in addressing vulnerabilities while maintaining user confidence.

Despite the theft, trading volumes remain robust and demand for the rarest Hypurr NFTs shows no sign of cooling. But with $400,000 lost in a matter of hours, the exploit has injected a note of caution into an otherwise euphoric launch.

The Hypurr NFT airdrop demonstrated the explosive potential of community-driven digital assets but also laid bare the lingering risks of wallet compromises. As the Hyperliquid ecosystem grows, its challenge will be not just fuelling market excitement but fortifying user security against an ever-evolving landscape of threats.