# hyperliquid.d-hirechain.com — SUSPICIOUS > hyperliquid.d-hirechain.com impersonates Hyperliquid to push a crypto drainer; VirusTotal shows 0/95 detections. Verify before you click. ## Summary PhishDestroy identifies hyperliquid.d-hirechain.com as an active brand-impersonation domain masquerading as Hyperliquid, a legitimate decentralized exchange. The malicious site is engineered to harvest wallet credentials or seed phrases under the guise of a crypto trading interface, potentially siphoning digital assets without user awareness. Security telemetry confirms the domain remains undetected on 95 VirusTotal engines as of February 25, 2025, indicating it has flown under the radar despite its predatory design. Registrant data reveals a recently minted domain—created on February 25, 2025—hosted at 216.150.16.1 and secured via a Let’s Encrypt certificate, leveraging free SSL to appear legitimate. This domain was flagged within 24 hours of registration, a common tactic for short-lived crypto-draining campaigns targeting high-profile DeFi platforms like Hyperliquid. Attackers frequently exploit Namecheap’s mass-registration ecosystem to rapidly deploy impersonation sites before takedowns occur. The absence of AV detections suggests either zero-day tooling or deliberate evasion via newly registered infrastructure designed to bypass static rule filters. Risk escalates when users manually visit the domain or click spoofed links in social media or phishing messages, especially those promoting “exclusive” liquidity pools or unannounced airdrops to lure experienced traders. If you visited hyperliquid.d-hirechain.com, immediately disconnect from the internet, close the browser, and scan your device with updated antivirus software. Review all crypto wallet extensions and browser profiles for unauthorized transactions or unfamiliar permission grants. Revoke any suspicious smart-contract approvals via tools like Revoke.cash or Etherscan’s approval tab. Report the domain to PhishDestroy using the unique seed 5d7da6 so our threat team can expedite blocklisting across security partners. Never re-enter wallet seeds or private keys unless you’re certain the site is the official Hyperliquid application, accessible only via verified domains like hyperliquid.xyz. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Hyperliquid ## Domain Intelligence - Registered: 2025-02-25 15:14:16 - Registrar: NAMECHEAP INC - IP: 216.150.16.1 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/5ab8f0aa-2fa9-423c-a8f7-47d3feb70501 - PhishDestroy: https://phishdestroy.io/domain/hyperliquid.d-hirechain.com/ - LLM endpoint: https://phishdestroy.io/domain/hyperliquid.d-hirechain.com/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.d-hirechain.com/ Last updated: 2026-03-28