# hyperliquid.jp — SUSPICIOUS

> hyperliquid.jp is a newly launched Hyperliquid impersonation site registered on June 07, 2025, hosting a crypto drainer kit.

## Summary

PhishDestroy identifies hyperliquid.jp as an active brand impersonation domain designed to mimic Hyperliquid, a legitimate decentralized exchange platform. This site was registered on June 07, 2025, and is currently propagating a crypto drainer kit that mimics standard wallet connection flows to siphon user funds once a compromised transaction is approved. The domain is hosted on an infrastructure that includes a Let’s Encrypt SSL certificate, which is commonly abused to lend false legitimacy to impersonation pages. At the time of analysis, the domain resolved to IP address 185.253.212.22, a known bulletproof hosting provider frequently associated with fraudulent operations.

This domain poses a HIGH immediate threat due to its active use in crypto drainer campaigns. VirusTotal currently reports 0/95 detections, indicating it remains under the radar of most security engines. The domain was registered through a privacy-protected registrar, which obscures ownership details and complicates attribution. Google Safe Browsing (GSB) status remains unflagged as of this assessment, and the domain has not yet been widely blocklisted—leaving it accessible to potential victims. The absence of AV detections and rapid deployment timeline suggest this is a newly operational campaign likely distributed via social engineering vectors such as DMs or spoofed support chats.

As of the current investigation, hyperliquid.jp remains ACTIVE with no formal takedown initiated. PhishDestroy recommends immediate network-level blocking of the domain and associated IP address (185.253.212.22). Users should refrain from visiting the site, revoke any unintended wallet approvals, and report the domain to Hyperliquid security, Google Safe Browsing, and abuse contacts.

The remaining risk is assessed as HIGH due to the domain’s recent registration, low detection coverage, and active deployment of drainer infrastructure. Continuous monitoring and collaborative threat intelligence sharing are critical to prevent further victimization.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence

- Registered: 2025-06-07 00:00:00
- Registrar: REGISTRAR_NOT_FOUND
- IP: 185.253.212.22

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/5117104b-0459-4479-babe-70ce9ee59ab5
- PhishDestroy: https://phishdestroy.io/domain/hyperliquid.jp/
- LLM endpoint: https://phishdestroy.io/domain/hyperliquid.jp/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.jp/

Last updated: 2026-03-28