# hypeliquid.xyz — MALICIOUS

> hypeliquid.xyz mimics Hyperliquid in a cryptocurrency drainer scam; 9/95 VirusTotal detections. Check the full report.

## Summary

PhishDestroy identifies hypeliquid.xyz as an active brand-impersonation domain masquerading as Hyperliquid, a decentralized exchange and trading platform. The domain leverages a visually similar spelling to deceive users into connecting wallet extensions or entering credentials, a common tactic in cryptocurrency drainer kits. Security telemetry indicates this infrastructure has been weaponized for automated fund extraction via signature requests or malicious transaction payloads targeting Web3 wallets.

hypeliquid.xyz exhibits multiple technical red flags: it resolves to 188.114.97.3 and was created on January 11, 2024. The domain holds a Let's Encrypt SSL certificate and is flagged by 9 out of 95 VirusTotal security vendors. It is registered through NICENIC INTERNATIONAL GROUP CO., LIMITED and appears on 4 third-party blocklists. Google Safe Browsing (GSB) currently lists this domain as unsafe. Notably, it has been blocked by MetaMask, SEAL, Enkrypt, and ScamSniffer—indicating broad industry recognition of its malicious intent.

hypeliquid.xyz remains active and continues to pose an elevated risk to users engaging with Hyperliquid-related content. Immediate defensive actions include blocking the domain and IP at DNS/network perimeter levels. Users should verify official Hyperliquid endpoints (hyperliquid.xyz) and avoid interacting with this imposter. While several vendors now detect this threat, the site’s recent registration and partial detection gaps suggest a persistent exposure window. Remaining risk is elevated due to active deployment and limited historical visibility.

## Threat Details

- Verdict: MALICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence

- Registered: 2024-01-11 20:13:08
- Registrar: NICENIC INTERNATIONAL GROUP CO., LIMITED
- IP: 188.114.97.3

## Detection Status

- VirusTotal: 9 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 4 hits
- Lists: MetaMask, SEAL, Enkrypt, ScamSniffer

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/42971107-2a68-4b3e-9039-ee371afa266f
- PhishDestroy: https://phishdestroy.io/domain/hypeliquid.xyz/
- LLM endpoint: https://phishdestroy.io/domain/hypeliquid.xyz/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/hypeliquid.xyz/
Last updated: 2026-03-27