# hyperliquidapi.com — SUSPICIOUS

> Danger: hyperliquidapi.com mimics Hyperliquid to push a crypto drainer. VT 0/95 detections. Verify legitimacy on PhishDestroy before connecting.

## Summary
PhishDestroy identifies hyperliquidapi.com as an active brand-impersonation domain targeting Hyperliquid users. The site is suspected of hosting a crypto-drain kit designed to siphon tokens from victim wallets by masquerading as the legitimate Hyperliquid API. Registrant behavior and page structure closely mirror Hyperliquid’s public endpoints, increasing the likelihood of successful deception among traders.

Technical indicators align with a newly emerged campaign: the domain was created on December 14, 2024, resolves to 172.67.68.9 via Cloudflare, and carries a Google Trust Services SSL certificate. VirusTotal shows 0 detections out of 95 engines, and Google Safe Browsing has not yet flagged the URL. At discovery, the domain remains absent from all major threat-intelligence blocklists, indicating minimal prior exposure.

The domain is currently active and under investigation, with no takedown or blocklisting actions observed. Users are advised to avoid visiting hyperliquidapi.com and to verify any Hyperliquid-related link against PhishDestroy’s database before entering wallet credentials or signing transactions. Risk remains elevated while the site remains unblocked and undetected by signature-based defenses.

## Threat Details
- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence
- Registered: 2024-12-14 09:45:29
- Registrar: Cloudflare, Inc.
- IP: 172.67.68.9

## Detection Status
- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence
- Cloudflare Radar: https://radar.cloudflare.com/scan/7ddb3ce6-d31a-4cb8-93b8-5594645e95d9
- PhishDestroy: https://phishdestroy.io/domain/hyperliquidapi.com/
- LLM endpoint: https://phishdestroy.io/domain/hyperliquidapi.com/llm.txt

## If You Visited This Site
1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---
Report by PhishDestroy | https://phishdestroy.io/domain/hyperliquidapi.com/
Last updated: 2026-03-28