# hyperliquid.lol — SUSPICIOUS

> hyperliquid.lol is a brand impersonation site flagged as a crypto drainer. VirusTotal detects 2/95 security vendors. Do not interact—report if visited.

## Summary
PhishDestroy identifies hyperliquid.lol as an active crypto drainer domain impersonating the Hyperliquid brand, designed to deceive users into connecting cryptocurrency wallets under false pretenses. This domain was flagged by ScamSniffer and Enkrypt and resolves to an IP address associated with known malicious infrastructure. The threat actor registered the domain through Key-Systems GmbH on June 08, 2025, and it has already appeared on two security blocklists. VirusTotal analysis confirms detection by only 2 out of 95 security vendors, highlighting the stealthy nature of this operation despite its active misuse.  The domain leverages a Let's Encrypt SSL certificate to appear legitimate and mimics the official Hyperliquid platform to trick users into authorizing malicious wallet interactions. Attackers likely distribute this domain via phishing emails, fake social media ads, or malicious search ads targeting cryptocurrency traders. Once a user connects their wallet, the drainer automatically siphons assets without requiring additional authentication, exploiting the trust associated with the Hyperliquid brand. Technical indicators include the recent domain creation date and limited early-stage detection, making it critical for users to verify domains thoroughly before any interaction.  If you have visited hyperliquid.lol, disconnect your wallet immediately and revoke any unauthorized permissions through your wallet app or browser extension. Do not approve any transaction requests or sign messages from this domain. Report the domain to your browser’s safe browsing tool and share this alert with others. For ongoing protection, use reputable browser extensions like ScamSniffer or Enkrypt that block known crypto drainers. Always verify domain spellings and use official bookmarks for financial platforms.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence
- Registered: 2025-06-08 09:57:03
- Registrar: Key-Systems GmbH
- IP: 185.253.212.22

## Detection Status
- VirusTotal: 2 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 2 hits
  Lists: ["Enkrypt", "ScamSniffer"]

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/92db011e-7a55-47f2-a87a-8f75c78bd52a
- PhishDestroy: https://phishdestroy.io/domain/hyperliquid.lol/
- LLM endpoint: https://phishdestroy.io/domain/hyperliquid.lol/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.lol/
Last updated: 2026-03-28