Hyperliquid witnessed the largest outflow of funds in a single day after security experts indicated that North Korean hackers were trading on the new layer-1 cryptocurrency derivatives platform.
MetaMask security researcher Tay Monahan reported in a post on December 23 that hackers linked to the Democratic People's Republic of Korea (DPRK) have been using the platform since at least October.
“Hey, the DPRK is not trading. The DPRK is experimenting,” Monahan added in a follow-up post.
Source: Tay Monahan
Net outflows from the derivatives platform exceeded $256 million in the past 30 hours, according to data from Dune Analytics.
The outflow from Hyperliquid on December 23 reached a record $502.71 million, while inflows exceeded $253.5 million.
Net outflows from Hyperliquid exceeded $256 million in the past 30 hours. Source: Dune Analytics
Hyperliquid stated on its Discord server that it is “aware of the reports circulating about the activity of an address believed to belong to the DPRK. There have been no attacks from the DPRK – or any attacks – on Hyperliquid. All user funds are safe.”
North Korean hackers such as the Lazarus Group have stolen $1.3 billion worth of cryptocurrency so far this year, double the amount they seized last year, as part of leader Kim Jong Un's efforts to raise funds abroad for the sanctioned nation.
Monahan also stated that the security and infrastructure of Hyperliquid are primarily centralized, relying on only four validators.
Monahan's post sparked a wave of reactions from cryptocurrency experts, with supporters of Hyperliquid accusing her of creating unnecessary fear.
The Hyperliquid token (HYPE) was also affected, dropping 20% from its all-time high of $35 on December 22. It is currently trading at $28, according to data from TradingView.
However, other developers and security researchers defended Monahan's reputation as a security expert in the cryptocurrency industry.
“You may not like the way Tay communicates, but at least we are discussing: Kim [Jong Un]'s associates always appear as a two-tier alarm signal,” wrote Laurence Day, co-founder of Wildcat Labs.
“I have faced the Lazarus group before, and you DO NOT want them to do anything that seems ‘silly’ because it usually isn’t,” Day added in a later post.
There are “two defense lines” in case of a major exploit
Anonymous developer Cygaar stated that if North Korea attacks Hyperliquid, there are two lines of defense that could be used to prevent a large amount of USD Coin (USDC) from being stolen.
Source: Cygaar
First, Cygaar stated that the USDC issuer, Circle, could blacklist addresses, blocking them from moving tokens at all and freezing the movement of funds by potential threats.
“If they act fast enough, they can prevent the attacker from trading the stolen USDC and effectively freeze the funds. This allows Circle to refund the funds back to the HL bridge,” he added.
Secondly, Cygaar stated that the Arbitrum Chain — the network on which Hyperliquid is built — could roll back the chain to prevent fund loss. However, Day said that rolling back Arbitrum “will not happen at all” unless there is a “survival” threat to the chain.