On October 2022, HPAY suffered a access control — the first of 77 documented access control incidents in our archive where the loss figure was not publicly disclosed but the exploit pattern is documented below.
Attack Mechanics: How the HPAY Access Control Played Out
Exploit Class Applied to HPAY
The HPAY incident on October 18, 2022 is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it. In the full archive, HPAY is 1 of 77 documented access control incidents.
HPAY in Context
The HPAY incident joins a class whose largest loss to date is Corkprotocol (2025) at $12M.
Prior Access Control Before HPAY
The nearest access control incident before HPAY was Uerii Token, 1 day earlier on October 17, 2022 ($2.4K lost). The same exploit class surfaced again within the access control attack surface.
Impact & Recovery for HPAY
HPAY Loss Figure
The loss figure for HPAY is not publicly disclosed. The primary source reports the exploit in non-USD terms, so no USD estimate is published here. For reference, the average loss across 77 access control incidents in our archive is $636K.
Timeline Since the HPAY Incident
The HPAY exploit occurred 3.5 years ago (1,274 days). The contract, its fork-block, and the attack transaction remain on-chain and forensically reproducible.
Primary Reference for HPAY
Public post-mortem / on-chain analysis for the HPAY incident: view source.
FAQ
How much did HPAY lose?
The HPAY loss figure is not publicly disclosed. The primary source reports the exploit in non-USD token terms, so no USD estimate is published here.
When did the HPAY hack happen?
The HPAY exploit was recorded on October 18, 2022 — 1,274 days ago.
What type of exploit hit HPAY?
The HPAY incident is classified as a Access Control. A privileged function lacks a proper authorisation check, letting an unauthorised caller execute it.
How common is the Access Control pattern seen at HPAY?
Our archive contains 77 documented access control incidents. The HPAY incident is one of them.
How does HPAY compare to the largest Access Control attack?
The largest access control incident in our archive is Corkprotocol (2025) at $12M. The HPAY loss was not publicly disclosed.
How does the study suggest overcoming challenges in AutoML tool application for time series forecasting?
By combining domain expertise with AutoML's capabilities, adjusting tools' settings, and selecting appropriate datasets for model training.
How does the study contribute to the understanding of cryptocurrency market risks?
By identifying the best-fitting distributions, the study aids in better understanding and modeling the market risks associated with different cryptocurrencies.