# v2-hyperliquid.app — SUSPICIOUS

> v2-hyperliquid.app impersonates Hyperliquid crypto exchange to steal wallet credentials and assets. Domain registered March 20, 2026, resolves to 130.12.180.

## Summary

PhishDestroy identifies v2-hyperliquid.app as an active brand impersonation scam targeting Hyperliquid users. This deceptive domain employs a fake 'v2' branding scheme to emulate the legitimate Hyperliquid exchange, leveraging social engineering tactics to deceive victims into surrendering cryptocurrency wallet credentials or authorizing fraudulent transactions. The threat actor behind this campaign has deployed a drainer-style kit designed to siphon digital assets under the guise of a legitimate trading platform upgrade or feature release. This indicates a sophisticated operation aimed at capitalizing on user trust in established cryptocurrency infrastructure.

This domain exhibits several suspicious technical indicators. It was registered on March 20, 2026, through Dynadot LLC, and resolves to IP address 130.12.180.128. The SSL certificate, issued by Let's Encrypt, provides a veneer of legitimacy despite the domain’s fraudulent intent. According to VirusTotal analysis conducted by PhishDestroy, the domain currently shows 0/95 detections, indicating it remains undetected by most antivirus and security platforms as of the latest scan. It is not currently flagged in Google Safe Browsing (GSB) and has not been added to major blocklists, leaving users vulnerable to first-time exposure.

The current status of v2-hyperliquid.app is active and under active monitoring by PhishDestroy. Immediate response actions include domain takedown requests to the hosting provider and registrar, as well as updating threat intelligence feeds to warn cryptocurrency users and security tools. Despite these efforts, the domain continues to operate, posing a moderate to high risk due to its cryptocurrency focus and low detection rate. Users are strongly advised to verify URLs using trusted sources, avoid interacting with unsolicited links, and use hardware wallets or multi-factor authentication for asset protection. Remaining risk is assessed as elevated until the domain is fully neutralized.

## Threat Details

- Verdict: SUSPICIOUS
- Site status: unknown (HTTP ?)
- Target brand: Hyperliquid

## Domain Intelligence

- Registered: 2026-03-20 14:31:39
- Registrar: Dynadot LLC.
- IP: 130.12.180.128

## Detection Status

- VirusTotal: 0 vendors flagged
- Google Safe Browsing: clean
- Blocklists: 0 hits

## Evidence

- Cloudflare Radar: https://radar.cloudflare.com/scan/8615cef9-47fb-4faa-84ed-a68144ff3876
- PhishDestroy: https://phishdestroy.io/domain/v2-hyperliquid.app/
- LLM endpoint: https://phishdestroy.io/domain/v2-hyperliquid.app/llm.txt

## If You Visited This Site

1. Change any passwords you may have entered
2. Enable 2FA on all related accounts
3. Monitor your accounts for unauthorized activity
4. Report to: FBI IC3, Europol, local authorities

---

Report by PhishDestroy | https://phishdestroy.io/domain/v2-hyperliquid.app/
Last updated: 2026-03-21