# hyperliquid.dev — SUSPICIOUS > hyperliquid.dev mimics Hyperliquid in a brand impersonation attack. VirusTotal flags 0/95 detections. Avoid interactions and report. ## Summary PhishDestroy identifies hyperliquid.dev as an active brand impersonation domain targeting Hyperliquid users. This domain was flagged on July 07, 2025, and is under investigation for potential credential theft aimed at cryptocurrency holders. The threat level remains under assessment, but users should exercise caution due to the domain’s deceptive design and potential for financial harm. This domain resolves to IP address 185.253.212.22 and is registered through Key-Systems LLC, a domain registrar known for hosting both legitimate and malicious domains. The SSL certificate is issued by Let’s Encrypt, a trusted provider, which may lend an air of legitimacy to unsuspecting users. As of the latest scan, hyperliquid.dev has 0 detections out of 95 on VirusTotal, indicating it remains undetected by many antivirus engines. The domain is not currently listed on major threat intelligence blocklists, and its trust scores are likely low due to its recent creation and suspicious activity. To mitigate risk, users should avoid interacting with hyperliquid.dev and verify any Hyperliquid-related links through official channels. Cryptocurrency holders should enable multi-factor authentication (MFA) on their accounts and use hardware wallets for additional security. Report this domain to your organization’s security team or platforms like PhishDestroy to aid in ongoing investigations. If you have visited this domain or entered credentials, revoke access immediately and scan your devices for malware. ## Threat Details - Verdict: SUSPICIOUS - Site status: unknown (HTTP ?) - Target brand: Hyperliquid ## Domain Intelligence - Registered: 2025-07-07 20:16:38 - Registrar: Key-Systems LLC - IP: 185.253.212.22 ## Detection Status - VirusTotal: 0 vendors flagged - Google Safe Browsing: clean - Blocklists: 0 hits ## Evidence - Cloudflare Radar: https://radar.cloudflare.com/scan/d06b863e-31b3-4a27-aebc-d1e2ca08635f - PhishDestroy: https://phishdestroy.io/domain/hyperliquid.dev/ - LLM endpoint: https://phishdestroy.io/domain/hyperliquid.dev/llm.txt ## If You Visited This Site 1. Change any passwords you may have entered 2. Enable 2FA on all related accounts 3. Monitor your accounts for unauthorized activity 4. Report to: FBI IC3, Europol, local authorities --- Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.dev/ Last updated: 2026-03-28