# hyperliquid.nl — SUSPICIOUS

> hyperliquid.nl poses as Hyperliquid to push a crypto drainer. 0/95 VirusTotal detections detected. Verify any links using PhishDestroy.

## Summary
PhishDestroy identifies hyperliquid.nl as a live brand-impersonation domain created to trick visitors into connecting wallets to a crypto drainer. This domain mirrors the official Hyperliquid brand, luring users into entering credentials or signing malicious transactions. The page currently resolves to 185.253.212.22 and is served over a Let’s Encrypt TLS certificate, giving the illusion of legitimacy for users who do not cross-reference the URL.  Analysis of hyperliquid.nl shows zero detections on VirusTotal as of the latest scan (0 out of 95 engines), and the domain is not yet present on major blocklists such as PhishTank, OpenPhish or URLVoid. It was registered on December 10, 2024 through Key-Systems GmbH, a registrar known for high-volume domain sales. Given its recent creation and the absence of community or vendor blocks, the threat level remains under investigation, but the intent is clearly malicious. The narrow detection window indicates attackers are leveraging fresh registrations to evade early detection.  Users who have visited hyperliquid.nl should immediately disconnect any connected wallets, revoke any permissions granted via wallet interfaces, and clear browser cache and cookies tied to the domain. Scan the device with an updated antivirus suite and consider rotating wallet private keys or seed phrases as a precautionary measure. Report the domain to PhishDestroy or your internal SOC to aid in blocking and takedown efforts. Always verify official URLs by comparing against the brand’s verified channels before entering credentials or signing transactions.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence
- Registered: 2024-12-10 00:00:00
- Registrar: Key-Systems GmbH
- IP: 185.253.212.22

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/9c3c2f61-9770-467b-84a0-6d00dc5ed091
- PhishDestroy: https://phishdestroy.io/domain/hyperliquid.nl/
- LLM endpoint: https://phishdestroy.io/domain/hyperliquid.nl/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquid.nl/
Last updated: 2026-03-28