Cointelegraph
--
Hyperliquid net outflows top $250M amid fears over North Korea hackers
Hyperliquid has suffered its largest single-day outflow after security experts said that North Korean hackers were trading on the new layer-1 crypto derivatives platform.Â
Metmask security researcher Tay Monahan said in a Dec. 23 X post that Democratic Peopleâs Republic of Korea (DPRK)-linked hackers had been using the platform from as early as October.Â
âYall, DPRK doesnât trade. DPRK tests,â Monhan added in a follow-up post.
Source: Tay Monahan
Net outflows from the derivatives platform have topped $256 million in the last 30 hours, according to data from Dune Analytics.Â
Outflows from Hyperliquid on Dec. 23 hit an all-time peak of $502.71 million, while inflows reached over $253.5 million.
Net outflows from Hyperliquid have topped $256 million in the last 30 hours. Source: Dune Analytics
Hyperliquid said on its Discord server that itâs âaware of reports circulating regarding activity by supposed DPRK addresses. There has been no DPRK exploit - or any exploit for that matter - of Hyperliquid. All user funds are accounted for.â
North Korean hackers such as the Lazarus Group have stolen $1.3 billion worth of crypto so far this year â doubling their haul from last year in an escalation of dictator Kim Jong Unâs effort to scrape together cash for the nation largely cut off from the world by sanctions.
Monahan further claimed that Hyperliquidâs security and infrastructure are largely centralized, relying on just four validators.
Monahanâs post triggered a broad set of reactions from crypto pundits, with Hyperliquid supporters accusing her of creating unnecessary fear.Â
The exchangeâs native Hyperliquid (HYPE) token was also hit by the fallout, falling 20% from its all-time high of $35 on Dec. 22, and is currently changing hands for $28, according to TradingView data.Â
However, other developers and security researchers supported Monahanâs reputation as a security expert in the crypto industry.Â
âYou might not like the way Tay communicates, but at least weâre talking now: Kim [Jong Unâs] goons showing up is always at least a two-alarm fire,â wrote Wildcat Labs co-founder Laurence Day.
âIâve had run-ins with Lazarus before, and you do NOT want them doing anything that looks âsillyâ because itâs often not,â Day added in a later post.Â
There are âtwo lines of defenseâ in case of major exploitÂ
Pseudonymous developer Cygaar said if North Korea were to attack Hyperliquid, there are two lines of defense that could be utilized to stop massive sums of USD Coin (USDC) from being stolen.
Source: Cygaar
USDC issuer Circle could blacklist addresses from moving tokens completely in a bid to freeze the movement of potential threat actors, Cyggar said.
âIf they act quickly enough, they can prevent the attacker from trading out of the stolen USDC and effectively freeze the funds. This should allow Circle to return funds back to the HL bridge,â he added.Â
Secondly, Cygaar said the Arbitrum Chain â the network Hyperqliuid is built on â could roll back the chain the prevent the loss of funds. However, Day said an Arbitrum rollback was âabsolutely notâ going to happen unless there was an âexistentialâ threat to the chain.Â
Magazine: Comeback 2025 â Is Ethereum poised to catch up with Bitcoin and Solana?
Metmask security researcher Tay Monahan said in a Dec. 23 X post that Democratic Peopleâs Republic of Korea (DPRK)-linked hackers had been using the platform from as early as October.Â
âYall, DPRK doesnât trade. DPRK tests,â Monhan added in a follow-up post.
Source: Tay Monahan
Net outflows from the derivatives platform have topped $256 million in the last 30 hours, according to data from Dune Analytics.Â
Outflows from Hyperliquid on Dec. 23 hit an all-time peak of $502.71 million, while inflows reached over $253.5 million.
Net outflows from Hyperliquid have topped $256 million in the last 30 hours. Source: Dune Analytics
Hyperliquid said on its Discord server that itâs âaware of reports circulating regarding activity by supposed DPRK addresses. There has been no DPRK exploit - or any exploit for that matter - of Hyperliquid. All user funds are accounted for.â
North Korean hackers such as the Lazarus Group have stolen $1.3 billion worth of crypto so far this year â doubling their haul from last year in an escalation of dictator Kim Jong Unâs effort to scrape together cash for the nation largely cut off from the world by sanctions.
Monahan further claimed that Hyperliquidâs security and infrastructure are largely centralized, relying on just four validators.
Monahanâs post triggered a broad set of reactions from crypto pundits, with Hyperliquid supporters accusing her of creating unnecessary fear.Â
The exchangeâs native Hyperliquid (HYPE) token was also hit by the fallout, falling 20% from its all-time high of $35 on Dec. 22, and is currently changing hands for $28, according to TradingView data.Â
However, other developers and security researchers supported Monahanâs reputation as a security expert in the crypto industry.Â
âYou might not like the way Tay communicates, but at least weâre talking now: Kim [Jong Unâs] goons showing up is always at least a two-alarm fire,â wrote Wildcat Labs co-founder Laurence Day.
âIâve had run-ins with Lazarus before, and you do NOT want them doing anything that looks âsillyâ because itâs often not,â Day added in a later post.Â
There are âtwo lines of defenseâ in case of major exploitÂ
Pseudonymous developer Cygaar said if North Korea were to attack Hyperliquid, there are two lines of defense that could be utilized to stop massive sums of USD Coin (USDC) from being stolen.
Source: Cygaar
USDC issuer Circle could blacklist addresses from moving tokens completely in a bid to freeze the movement of potential threat actors, Cyggar said.
âIf they act quickly enough, they can prevent the attacker from trading out of the stolen USDC and effectively freeze the funds. This should allow Circle to return funds back to the HL bridge,â he added.Â
Secondly, Cygaar said the Arbitrum Chain â the network Hyperqliuid is built on â could roll back the chain the prevent the loss of funds. However, Day said an Arbitrum rollback was âabsolutely notâ going to happen unless there was an âexistentialâ threat to the chain.Â
Magazine: Comeback 2025 â Is Ethereum poised to catch up with Bitcoin and Solana?
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.
Replies 0