Original title: (HYPE daily correction exceeds 20%, are North Korean hackers targeting Hyperliquid?)

Original Author: Azuma, Odaily Planet Daily

The popular project Hyperliquid (HYPE) today faced its largest correction since launch.

Bitget market data shows that, as of around 14:00 Beijing time, HYPE was trading at 26.21 USDT, a daily decline of up to 20.5%.

Are North Korean hackers targeting Hyperliquid?

Across today's market news, the biggest topic of discussion in the Hyperliquid community is a warning from well-known security researcher Tay (@tayvano_): multiple addresses that have been flagged as belonging to North Korean hackers have recently been trading on Hyperliquid, with total losses exceeding 700,000 USD.

As of the publication date, Hyperliquid has not shown any signs of being attacked, but as Tay said, 'If I were one of the 4 validators managing Hyperliquid, I might have already wet my pants'... Signs of activity from the strongest hacking force in the cryptocurrency world may indicate that North Korean hackers have picked Hyperliquid as a potential target and are testing system stability by executing trades.

Tay's post immediately sparked heated discussion within the community. The '4 validators' issue Tay mentioned drew especially intense debate, with some community users even viewing it as the weakest link in the current security of the Hyperliquid system.

Potential threat: 2.3 billion dollars relying solely on a 3/4 multi-signature

Abstract developer cygaar explained that there are currently 2.3 billion USDC held in the Hyperliquid bridge contract deployed on Arbitrum, and most functions in this bridge contract require signatures from 2/3 of the validators to execute (since there are only 4 validators, this actually means 3 signatures).

Assuming that the majority (3/4) of the validators are compromised, the compromised validators can submit a request to withdraw all USDC from the bridge contract and send it to a malicious address. Since the attacker controls the vast majority of validators, the request can pass smoothly and ultimately be confirmed, meaning that 2.3 billion USDC will be transferred to the attacker.
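The threshold arithmetic above can be made concrete with a small model of a quorum check. This is an added example, not Hyperliquid's bridge code: HMAC-SHA256 stands in for the real signature scheme, the "at least 2/3" rounding is an assumption, and the keys, message format and function names are all hypothetical.

```python
import hashlib
import hmac

# Constructed demo keys; HMAC-SHA256 stands in for the real signature scheme.
KEYS = {f"validator-{i}": f"demo-secret-{i}".encode() for i in range(1, 5)}

def required_signatures(n_validators: int) -> int:
    """Smallest signer count that is at least 2/3 of the set (assumed rounding)."""
    return (2 * n_validators + 2) // 3

def encode_withdrawal(recipient: str, amount: int, nonce: int) -> bytes:
    """Canonical bytes every validator signs for one withdrawal request."""
    return f"withdraw|{recipient}|{amount}|{nonce}".encode()

def sign(validator: str, message: bytes) -> str:
    return hmac.new(KEYS[validator], message, hashlib.sha256).hexdigest()

def count_valid_signers(message: bytes, signatures: list[tuple[str, str]]) -> int:
    """Count distinct known validators whose signature matches this message."""
    seen = set()
    for validator, sig in signatures:
        if validator not in KEYS or validator in seen:
            continue  # unknown signer, or a repeat that must not count twice
        if hmac.compare_digest(sign(validator, message), sig):
            seen.add(validator)
    return len(seen)

def authorize(message: bytes, signatures: list[tuple[str, str]]) -> bool:
    return count_valid_signers(message, signatures) >= required_signatures(len(KEYS))

def tolerated_key_compromises(threshold: int) -> int:
    """Keys that can be stolen before the threshold is met."""
    return threshold - 1

if __name__ == "__main__":
    msg = encode_withdrawal("0xRECIPIENT_PLACEHOLDER", 1_000, nonce=7)
    two = [(v, sign(v, msg)) for v in ("validator-1", "validator-2")]
    three = two + [("validator-3", sign("validator-3", msg))]
    repeated = two + two  # four entries, but only two distinct signers
    print(authorize(msg, two), authorize(msg, three), authorize(msg, repeated))
    # Security margin of a 3-of-4 set versus a 9-of-12 multisig.
    print(tolerated_key_compromises(required_signatures(4)), tolerated_key_compromises(9))
```

With 4 validators the set tolerates only 2 compromised keys, against 8 for a 9/12 multisig, and the check holds only if repeated or unknown signers are never counted toward the threshold.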

Currently, there are two lines of defense that can intervene to prevent these USDC from being permanently lost.

The first line of defense is deployed at the contract level of USDC. Circle's blacklist mechanism can completely prohibit specific addresses from transferring USDC. If Circle acts quickly enough, it can prevent the attacker from transferring the stolen USDC, effectively freezing the funds and repaying the Hyperliquid bridge contract.

Regarding this line of defense, security expert ZachXBT commented that Circle is very inefficient and that no one should expect it to take any remedial action, but ZachXBT also clarified that this comment is directed only at Circle and does not involve opinions on Hyperliquid.

The second line of defense is deployed at the Arbitrum network level. Currently, the Arbitrum L1/L2 bridge contracts on Ethereum are protected by a 9/12 multi-signature contract (security committee). Assuming that the attacker somehow controls these 2.3 billion USDC and immediately exchanges them for other tokens, circumventing Circle's blacklist mechanism, the Arbitrum security committee can theoretically still change the state of the chain, roll back, and prevent the initial attack transaction from occurring. In 'emergency situations', the committee can vote on whether to intervene.

Cygaar added that the last line of defense is clearly controversial and should only be used in the most critical situations.

'Deliberate FUD' or 'Good Faith Warning'? Community reactions vary

The community reaction to Tay's warning post has shown a stark polarization.

On one hand, some community members believe that Tay's warning is exaggerated. Especially after HYPE's decline, many community users believe that Tay is merely engaging in 'deliberate FUD'.

· Some community members pointed out that North Korean hackers target every protocol with a high TVL, not just Hyperliquid, and simply finding traces of hacker usage does not indicate that the protocol is under threat;

· Some community members also pointed out that Tay himself actually works for Consensys, and that his so-called 'early warning' raises suspicion of a conflict of interest, its real purpose being to ensure that Consensys can reach the most favorable cooperation with the Hyperliquid team.

On the other hand, some well-known figures have chosen to support Tay's security work.

· Well-known white hat hacker samczsun stated that although Tay has selflessly served the cryptocurrency industry for several years, he has faced fierce criticism for this post, simply because HYPE's price plummeted significantly after the warning was issued... It's really sad to see such news.

· Wintermute founder and CEO Evgeny Gaevoy also stated that Tay's communication style may be somewhat harsh (after the tweet was released, Tay had intense exchanges with some users who accused him), but you cannot ignore information like this.

In summary, for Hyperliquid, which has been smooth sailing since its launch, today's discussion can be considered an episode that is neither major nor minor. It is not major because Hyperliquid has not actually been attacked; it is not minor because certain vulnerable aspects of the Hyperliquid system have been exposed, and there has been a certain degree of divergence in community consensus on this incident... However, for a leading entity aspiring to change industry rules, this incident is less of a difficulty and more of a good touchstone. How Hyperliquid addresses the 3/4 multi-signature issue and calms the FUD will also be a good opportunity for the market to reassess the quality and efficiency of the project.
