Original | Odaily Planet Daily (@OdailyChina)

Author | Azuma (@azuma_eth)

The popular project Hyperliquid (HYPE) today experienced its largest correction since launch.

According to Bitget market data, as of around 14:00 Beijing time, HYPE is quoted at 26.21 USDT, with a daily decline of up to 20.5%.

Have North Korean hackers targeted Hyperliquid?

Looking around the market news, the largest event discussed in the Hyperliquid community today is a warning from well-known security researcher Tay (@tayvano_) — multiple addresses marked as North Korean hackers have recently been trading on Hyperliquid, with total losses exceeding $700,000.

Although, as of the time of writing, Hyperliquid has shown no signs of being attacked, as Tay said, 'If I were one of the 4 validators managing Hyperliquid, I might have already peed my pants'... Activity from the strongest hacker force in the cryptocurrency world may indicate that North Korean hackers have singled out Hyperliquid as a potential target and are testing the system's stability by executing trades.

Tay's post sparked heated discussions within the community, and the '4 validators' issue Tay mentioned has drawn particularly intense debate. Some community users even view it as the weakest link in the current security of the Hyperliquid system.

Potential threat: $2.3 billion relies solely on 3/4 multi-signature.

Abstract developer cygaar explained that there is currently $2.3 billion in USDC held in the Hyperliquid bridging contract deployed on Arbitrum, and most functions in that bridging contract require signatures from 2/3 of the validators to execute (since there are only 4 validators, 3 signatures are actually needed).

Assuming the majority (3/4) of the validators are compromised, the compromised validators can submit a request to withdraw all USDC from the bridging contract and send it to a malicious address. Since the attackers control the vast majority of validators, the request will pass and the withdrawal will ultimately be confirmed, meaning that $2.3 billion in USDC will be transferred to the attackers.
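
To make the threshold concrete, here is a small model of the 2/3 signer check described above. It is an example added to this article, not Hyperliquid's contract code: HMAC-SHA256 stands in for the real signature scheme, and the validator names, keys and withdrawal message are constructed.

```python
import hashlib
import hmac

# Constructed validator set; names and keys are placeholders, not real data.
VALIDATORS = {f"validator-{i}": f"demo-key-{i}".encode() for i in range(1, 5)}


def quorum(n: int, num: int = 2, den: int = 3) -> int:
    """Smallest signer count that is at least num/den of n (integer ceiling)."""
    return (n * num + den - 1) // den


def sign(key: bytes, message: bytes) -> str:
    # HMAC-SHA256 is a stand-in for the validators' real signature scheme.
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def approved(message: bytes, signatures: list, validators: dict) -> bool:
    """True when enough distinct, known validators signed this exact message."""
    signers = set()
    for name, sig in signatures:
        key = validators.get(name)
        if key is not None and hmac.compare_digest(sign(key, message), sig):
            signers.add(name)  # a set, so a repeated signer counts once
    return len(signers) >= quorum(len(validators))


def signatures_from(names: list, message: bytes) -> list:
    """Demo helper: (name, signature) pairs for the given validators."""
    return [(n, sign(VALIDATORS[n], message)) for n in names]


# Constructed withdrawal request.
REQUEST = b"withdraw|to=0xEXAMPLE|amount=1000|nonce=7"

if __name__ == "__main__":
    two = signatures_from(["validator-1", "validator-2"], REQUEST)
    three = signatures_from(["validator-1", "validator-2", "validator-3"], REQUEST)
    print("2 of 4 signers:", approved(REQUEST, two, VALIDATORS))
    print("3 of 4 signers:", approved(REQUEST, three, VALIDATORS))
    print("2 signers, one repeated:", approved(REQUEST, two + two[:1], VALIDATORS))
    print("3 signers, other message:", approved(b"other", three, VALIDATORS))
    for n in (4, 7, 13, 22):
        print(f"{n} validators -> {quorum(n)} keys decide every request")
```

With four validators the check passes at exactly three distinct signers, so the security of everything behind it rests on three keys; the final loop shows how that number grows as the validator set does.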

Currently, there are two lines of defense that can intervene to prevent these USDC from being permanently lost.

The first line of defense is deployed at the contract level of USDC. Circle's blacklist mechanism can completely prohibit specific addresses from transferring USDC; if Circle acts quickly enough, it can prevent the attacker from transferring the stolen USDC, effectively freezing the funds and repaying the Hyperliquid bridging contract.

Regarding this line of defense, security expert ZachXBT commented that Circle is very inefficient and that one should not expect any remedy from them, but ZachXBT also clarified that this comment is only directed at Circle and does not reflect on Hyperliquid.

The second line of defense is deployed at the Arbitrum network level. Currently, the Arbitrum L1/L2 bridging contract on Ethereum is protected by a 9/12 multi-signature contract (security committee). Suppose the attacker somehow controls the $2.3 billion USDC and immediately exchanges it for other tokens, thereby evading Circle's blacklist mechanism. Theoretically, the Arbitrum security committee could also change the chain's state to roll back and prevent the initial attack transaction from occurring. In an 'emergency,' the committee can vote to decide whether to intervene.

cygaar further stated that the last line of defense is clearly highly controversial and should only be used in the most critical situations.

"Deliberate FUD" or "Good Faith Warning"? Community responses vary.

The community's response to Tay's warning post has shown a clear polarization.

On one hand, some community members believe that Tay's warning is exaggerated; especially after HYPE's decline, many community users believe Tay is just 'deliberately creating FUD.'

  • Some community members pointed out that North Korean hackers target every protocol with a high TVL, not just Hyperliquid. Simply discovering traces of hackers does not necessarily indicate that the protocol is under threat.

  • Some community members also pointed out that Tay actually works for Consensys, and his so-called 'warning' raises suspicions of vested interests, as it seems aimed at securing the most favorable cooperation between Consensys and the Hyperliquid team.

On the other hand, some well-known figures have chosen to support Tay's security work.

  • Well-known white hat hacker samczsun stated that although Tay has been serving the cryptocurrency industry voluntarily for several years, he has faced fierce criticism for this post, simply because HYPE's price dropped significantly after the warning was issued... It's really sad to see such news.

  • Evgeny Gaevoy, founder and CEO of Wintermute, also mentioned that Tay's communication style might be a bit rough (after the tweet was posted, Tay had a heated exchange with some users who criticized him), but such information cannot be ignored.

In summary, for Hyperliquid, which has been smooth sailing since its launch, today's discussion can be considered a minor incident in the project's operation. It can be said to be minor because Hyperliquid has not actually suffered an attack; it can be said to be significant because some vulnerabilities at the system level of Hyperliquid have been exposed, and community consensus on this incident has become somewhat divided... However, as a leading entity aiming to change industry rules, this incident can be seen as a good touchstone. How Hyperliquid resolves the 3/4 multi-signature issue and calms FUD will also be a good opportunity for the market to reassess the project's quality and efficiency.