A user of HyperSwap fell victim to a clever scam, losing approximately $12,300 in just 84 seconds after clicking a fraudulent airdrop link on X, incorrectly approving a wallet request, and inadvertently granting a scammer access to his funds. The incident has been meticulously reconstructed by BeInCrypto using public blockchain records, revealing a rapid phishing scheme that took place within the Hyperliquid ecosystem.
Details of the Scam Operation
Once the scammer obtained control over the victim’s position in HyperSwap, they quickly withdrew the associated funds, converted them into HYPE tokens, and transferred the money to Ethereum in less than two minutes. It's important to clarify that while HyperSwap operates on the Hyperliquid blockchain, it is independently managed by its own team, unlike Ethereum, which supports numerous applications such as Uniswap.
The Bait: A Deceptive X Account
The victim had been actively engaged with HyperSwap, a decentralized exchange allowing users to trade directly from their wallets without third-party custodians. The victim had contributed funds to a HyperSwap liquidity pool, essentially depositing cryptocurrency for others to trade against, earning fees in return.
In HyperSwap V3, their position was identified by NFT #178549, functioning more like a digital receipt than a traditional collectible. Whoever held this NFT wielded control over the corresponding funds.
The trouble began when the victim encountered a post on X, promoting an enticing airdrop. Airdrops are often used within the crypto community as a strategy to distribute tokens and reward users. However, unbeknownst to the victim, the post originated from a deceptive account that appeared similar to the legitimate HyperSwap account but was actually an imposter known as HyperSwapX.
How the Scam Execution Unfolded
Convinced he was verifying eligibility for the airdrop, the victim connected his wallet and unknowingly approved a transaction allowing the scammer to transfer control over his HyperSwap position. This moment of approval proved pivotal.
Crypto wallets frequently prompt users for transaction approvals, some of which can seem benign. Unfortunately, a fake site can disguise harmful approvals as ordinary steps in claiming tokens, leading users to unwittingly grant access to their assets. At precisely 20:21:51 UTC on June 29, the scammer utilized the earlier approval to transfer NFT #178549 out of the victim’s wallet without any additional signatures.
Records from the HyperEVM explorer flagged the scammer's address, identified as 0x880C95246D7525b84902E6c040818a7C72d3Aa77, as Fake_Phishing3746335, with a warning from HashDit. Following the transfer, the NFT moved to another wallet controlled by the scammer, giving them complete access to the victim's liquidity position. Just twenty-five seconds later, the scammer drained the funds from that position, totaling roughly 3,935 USDC.



