MetaMask security officer Taylor Monahan (@tayvano_) warned that North Korean hackers have been trading on Hyperliquid, currently the most talked-about chain, setting off a fight with Hyperliquid's supporter community and pouring cold water on HYPE, whose price has been climbing day after day. Cold water is definitely not what the community wants to see. What actually happened between Hyperliquid and the North Korean hackers, and how did Hyperliquid respond?
MetaMask security officer Taylor Monahan: Hyperliquid could be in big trouble
MetaMask security officer Taylor Monahan revealed on December 23 that an address tagged as belonging to North Korean hackers had entered Hyperliquid and traded there, going long ETH at 20x leverage and ultimately losing about $700,000. Monahan sees this as a very serious warning sign:
"Those who think that the risk of Hyperliquid is that the funds are frozen by the US government are idiots. North Korean hackers will not speculate on coins, they will only 'test'."
Monahan told Hyperliquid that she and her colleagues were willing to help, and urged Hyperliquid to harden its security quickly and prepare for an attack by North Korean hackers. She said that if she were the operator of one of Hyperliquid's only four validators, she would be scared to death.
Why Hyperliquid Systems Are Risky
Monahan explained that Hyperliquid has no more than four validators, all running the same code and possibly co-located. Its centralized infrastructure, build systems and so on are maintained and accessed by an unknown number of founders, executives and engineers, who use the same devices to reach those systems as they use to chat with people, call VCs and read Twitter.
The initial entry point will be the usual one: a message from someone the target knows, or ought to know, carrying a compelling link or document that the target should, and wants to, open.
"That will deliver the malware silently," she said. "The malware will be the same variant that we've seen before. If they really wanted to move quickly, they would use a Chrome zero-day, but that's not necessary here, so they won't."
She stressed that the attack is ultimately about money: once the attackers gain access, all funds will be stolen. The risk can be reduced by hardening security, and here education, restricted access, monitoring and testing go a long way. Don't put all your eggs in one basket, and don't have pre-built, unsigned binaries that everyone runs. These are exactly the things DeFi protocols never do, because they are too busy auditing their smart contracts, designing tokenomics and tweeting.
"If you don't believe me, ask the team if every engineer with access to critical systems uses a dedicated device managed by Hyperliquid." The answer will be no, Monahan said. They will be using personal devices without anti-virus (AV) or endpoint detection and response (EDR) software. In fact, they don't even know whether they have already been compromised; they only know that their funds have not been stolen yet.
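One concrete form of the "no pre-built, unverified binary that everyone runs" control Monahan describes is a launcher that refuses to start a validator binary unless its SHA-256 matches a digest the operator pinned after reviewing or reproducibly building that release. The script below is an added example written for this article, not Hyperliquid's code. It assumes a sha256sum-style manifest ("<hex digest>  <filename>" per line) whose own signature (minisign, gpg or cosign) has already been verified out of band; signature checking is not shown. The file names, the fake release bytes and the manifest are constructed for the demo.

```python
"""Verified-launch helper: pin a release digest, refuse anything else.

Added example, not Hyperliquid's own code. Assumes a signed sha256sum-style
manifest whose signature was already checked by an external tool, and Unix
(os.fexecve). The release blob and file names below are constructed.
"""
import hashlib
import hmac
import os
import tempfile
from typing import Dict, List

CHUNK = 1 << 20  # hash 1 MiB at a time; binaries need not fit in memory


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum output into {filename: hex digest}.
    Malformed or duplicate lines are errors, never silently skipped."""
    pins: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <file>'")
        digest, name = parts[0].lower(), parts[1].strip().lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"manifest line {lineno}: bad SHA-256 digest")
        if name in pins:
            raise ValueError(f"manifest line {lineno}: duplicate entry for {name}")
        pins[name] = digest
    return pins


def sha256_of_fd(fd: int) -> str:
    """Hash the file behind an open descriptor. Hashing the fd rather than
    the path means the bytes checked are the bytes later exec'd, which
    closes the check-then-use race of hashing a path and exec'ing it."""
    h = hashlib.sha256()
    os.lseek(fd, 0, os.SEEK_SET)
    while True:
        chunk = os.read(fd, CHUNK)
        if not chunk:
            break
        h.update(chunk)
    os.lseek(fd, 0, os.SEEK_SET)
    return h.hexdigest()


def open_verified(path: str, pins: Dict[str, str]) -> int:
    """Open `path`, compare its digest with the pin for its basename and
    return the fd. A missing pin is treated exactly like a tampered file."""
    name = os.path.basename(path)
    expected = pins.get(name)
    if expected is None:
        raise PermissionError(f"{name}: no pinned digest in manifest, refusing to run")
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_CLOEXEC", 0))
    try:
        actual = sha256_of_fd(fd)
        if not hmac.compare_digest(actual, expected):
            raise PermissionError(f"{name}: digest {actual} does not match pin {expected}")
    except BaseException:
        os.close(fd)
        raise
    return fd


def launch_verified(path: str, argv: List[str], pins: Dict[str, str]) -> None:
    """Exec the verified descriptor in place; never returns on success."""
    fd = open_verified(path, pins)
    os.fexecve(fd, argv, dict(os.environ))


def run_demo() -> Dict[str, bool]:
    """Constructed scenario: a genuine release, a manifest pinning it, then a
    swapped-in tampered build and an unpinned file. Returns the outcomes."""
    release = b"\x7fELF" + b"validator-node v1.2.3 " * 64  # stand-in for a real binary
    tampered = release[:-4] + b"evil"
    results = {"genuine_ok": False, "tampered_rejected": False, "unpinned_rejected": False}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "hl-node")
        unpinned = os.path.join(d, "hl-node-patched")
        with open(good, "wb") as f:
            f.write(release)
        with open(unpinned, "wb") as f:
            f.write(tampered)
        pins = parse_manifest(f"{hashlib.sha256(release).hexdigest()}  hl-node\n")

        os.close(open_verified(good, pins))
        results["genuine_ok"] = True

        with open(good, "wb") as f:  # same name as the pinned release, different bytes
            f.write(tampered)
        try:
            open_verified(good, pins)
        except PermissionError:
            results["tampered_rejected"] = True

        try:
            open_verified(unpinned, pins)
        except PermissionError:
            results["unpinned_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point of `open_verified` returning a descriptor rather than a boolean is that `launch_verified` execs that same descriptor with `os.fexecve`; verifying a path and then exec'ing the path would let an attacker who already has a foothold swap the file in between. The manifest pin is only as trustworthy as the signature over the manifest and the device that holds the verifying key, which is exactly why the dedicated, managed engineer devices Monahan asks about matter.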
Overreaction, or a prophet telling you to run?
Commentators believe that Monahan's hypothesis, if accurate, is indeed cause for concern, though Hyperliquid may already have these security basics in place.
One commenter said they had been targeted by North Korea many times, with hackers constantly trying to access their accounts, phishing and so on, and that Monahan was the first person they turned to; if she takes it upon herself to protect you and demand an explanation, that should be taken seriously. Many of Monahan's supporters say that although her tone is always harsh, she cares deeply about the industry's security and is willing to help others.
Unpredictable centralization risks
There is a further possible risk: Hyperliquid uses an order-book model. Although users trade from their own wallets, they must first deposit funds into Hyperliquid before they can trade, and their assets are only truly self-custodied once they withdraw them back to their own wallets. In essence this resembles a centralized exchange, but a centralized exchange, because it custodies user funds, is responsible for anti-money-laundering and counter-terrorist-financing controls, and KYC (customer identity verification) is a basic requirement. Hyperliquid currently presents itself as an on-chain application; if funds of international concern, such as those of North Korean hackers, are involved, it may indeed bring further regulatory risk.
Hyperliquid responds firmly: no problem
Hyperliquid responded firmly to Monahan's warning on Discord:
"Hyperliquid Labs is aware of reports regarding activity purportedly originating from a North Korean (DPRK) address. To clarify, Hyperliquid has not been subject to a North Korean attack or any form of attack. All user funds have been verified."
Hyperliquid Labs takes operational security (opsec) very seriously. No vulnerability has been reported by any party so far. As always, we have a generous bug report bounty program and use industry-leading standards for blockchain analysis.
Previously, someone claiming to be an information-security-related party tried to make contact. To be clear, there have never been any allegations of an attack on Hyperliquid. The party added a scam account to the group chat and subsequently communicated in abusive language. Given the professionalism demonstrated, the development team instead communicated with a trusted partner and confirmed that it was operating in compliance with best-practice standards."
Hyperliquid sees large USDC outflows
According to Dune Analytics data, after the news broke, Hyperliquid, whose USDC deposits are still bridged from Arbitrum, saw continued outflows of tens of millions of USDC. Total deposits once peaked at 2.06 billion USDC; 1.675 billion USDC currently remains.
The HYPE token itself was unaffected, however, gaining nearly 5% on the day to trade at $29.95.
This article, "Fatal injury to Hyperliquid (HYPE): North Korean hackers target a centralized exchange with latent crises and no KYC", first appeared on Chain News ABMedia.