Hyperliquid denies being hacked by North Korea's Lazarus Group, despite on-chain data showing evidence of large-scale withdrawals of funds. On-chain data reportedly shows that wallet addresses linked to North Korea collectively deposited and withdrew substantial amounts of ETH from the platform on December 23.
Taylor Monahan, a security expert at MetaMask, warned that hackers don't need to touch users' funds to breach security and identified clear vulnerabilities in Hyperliquid's system.
Hyperliquid: Lazarus' next target?
Decentralized exchange Hyperliquid has officially responded to criticism via Discord. Rumors of a North Korean hack circulated today (the 24th), prompting users to withdraw $60 million from the platform. The exchange’s HYPE token was already falling before this recent development, prompting official accounts to conduct damage control.
“There was no exploitation by DPRK – or any exploitation, for that matter – of Hyperliquid. All user funds are accounted for. Hyperliquid Labs takes OpSec seriously. No vulnerabilities were shared by any party. To be clear, there have never been any allegations of exploitation at Hyperliquid,” one of the platform's executives posted on Discord.
Hyperliquid has yet to provide any public statements or announcements to explain the allegations. Instead, on-chain data reveals that accounts linked to Lazarus deposited $476,489 worth of ETH tokens into the exchange before later withdrawing them.
While these are not concrete signs of an exploit, they do raise questions about why the platform is seeing such a large volume of outflow from suspicious wallet addresses in a single day.
Lazarus Group places funds in Hyperliquid. Source: LookOnChain
However, MetaMask security expert Taylor Monahan strongly cautioned against taking any action. The crypto industry is well aware of the seriousness of any incident linked to the infamous Lazarus Group. Therefore, Hyperliquid should take its threats very seriously, according to the security expert.
North Korean hackers continue to be a nightmare
The US government believes Lazarus stole nearly $900 million. Overall, North Korean hackers are behind some of the biggest crypto hacks of 2024. In fact, DPRK-based actors were responsible for the critical Radiant Capital hack earlier this year, which involved breaching the platform’s sophisticated multisig wallet authentication.
Speculation that similar entities may be showing interest in Hyperliquid is extremely concerning.
“I am very concerned that you are at increased risk because we know that these particular threat actors are now intimately familiar with your platform. I really want to emphasize that these are the most sophisticated and rapidly evolving of all the DPRK threat groups. They are very creative and persistent,” Monahan said.
Monahan went on to say that the exchange’s evasive and defiant attitude was a very worrying sign. Even if Lazarus had not disturbed any of the funds on the exchange, the group may have already breached its security.
MetaMask’s security expert also stated that the company had at most 4 validators, all running the same code, and an unknown number of higher ones could bypass key security vulnerabilities.
In short, if founders, executives, and engineers all use the same devices to access the same systems, then one malware link can dismantle the entire operation. Lateral movement is one of the key strategies of North Korean hackers, where they leverage multiple access points to move across a network.
So if a high-profile person’s private device is compromised, a major hack becomes inevitable. However, so far, Hyperliquid doesn’t seem worried about these allegations.
The article Hyperliquid denies evidence of North Korean hack attack was first seen on BeInCrypto Brasil.