# hyper-liquid.network — MALICIOUS — Crypto Drainer (Angel Drainer)

> Discover how hyper-liquid.network operated a high-risk crypto drainer scheme. Learn about its takedown and ongoing risks to users.

## Summary
PhishDestroy identifies hyper-liquid.network as a high-risk crypto drainer domain linked to malicious airdrop scams. The site, presenting itself as "Hyperliquid l Airdrop," targeted users with a phishing campaign designed to steal cryptocurrency assets. This campaign leveraged social engineering to entice victims into revealing sensitive wallet credentials.

The domain was registered on December 27, 2025, via NiceNIC International Group Co., Limited, and resolved to IP address 172.67.181.238. It employed the Angel Drainer kit, a known crypto stealing toolkit, and was flagged by 10 out of 95 security vendors on VirusTotal. Additionally, it appeared in five separate security blocklists and was identified in an AlienVault OTX threat pulse. These indicators confirm its malicious infrastructure and active targeting of cryptocurrency users.

Currently, hyper-liquid.network has been taken offline, mitigating immediate risks. However, users should remain vigilant against similar phishing attempts and avoid interacting with suspicious airdrop offers. PhishDestroy recommends updating wallet security measures, enabling multi-factor authentication, and consulting trusted sources before engaging with crypto-related promotions.

## Threat Details
- Verdict: MALICIOUS — Crypto Drainer (Angel Drainer)
- Site status: dead (HTTP 403)
- Drainer type: Angel Drainer
- Scam type: Airdrop Scam
- Kit: Airdrop Scam
- Page title: Hyperliquid l Airdrop

## Domain Intelligence
- Registered: 2025-12-27 00:00:00
- Expires: 2026-12-27 00:00:00
- Registrar: NiceNIC International Group Co., Limited
- Country: HK
- IP: 172.67.181.238
- IP Country: US
- IP City: San Francisco
- IP Org: AS13335 Cloudflare, Inc.
- Nameservers: dimitris.ns.cloudflare.com raquel.ns.cloudflare.com
- SSL Issuer: Google Trust Services / WE1

## Detection Status
- VirusTotal: 10 vendors flagged
  Vendors: ["ADMINUSLabs", "alphaMountain.ai", "CyRadar", "Forcepoint ThreatSeeker", "Fortinet", "Lionic", "SOCRadar", "Sophos", "Trustwave", "Webroot"]
- Google Safe Browsing: clean
- Blocklists: 5 hits
  Lists: ["PhishDestroy", "MetaMask", "ScamSniffer", "SEAL", "Enkrypt"]

## Evidence
- Screenshot: https://urlscan.io/screenshots/019b6037-a8a5-755c-8db4-010788ec6418.png
- Cloudflare Radar: https://radar.cloudflare.com/scan/708cc4ea-4ca4-4c3f-9781-04369addc325
- Wayback Machine: https://web.archive.org/web/https://hyper-liquid.network
- PhishDestroy: https://phishdestroy.io/domain/hyper-liquid.network/
- LLM endpoint: https://phishdestroy.io/domain/hyper-liquid.network/llm.txt

## If You Visited This Site
1. Revoke all token approvals immediately (revoke.cash / unrekt.net)
2. Move remaining funds to a new wallet
3. Do not interact with any transactions from this site
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyper-liquid.network/
Last updated: 2026-03-19