Original title: Hyperliquid net outflows top $250M amid fears over North Korea hackers
Original author: Tom Mitchelhill
Original source: https://cointelegraph.com/news/hyperliquid-outflow-north-korea-exploit-fears
Compiled by: Tom, Mars Finance
In light of concerns over North Korean hackers, Hyperliquid's net outflow has exceeded $250 million.
After security experts disclosed that North Korean threat actors had traded on the platform, Hyperliquid's net outflow exceeded $256 million.
Hyperliquid faced the largest single-day outflow in its history after security experts claimed that North Korean hackers were trading on this new Layer-1 crypto derivatives platform.
MetaMask security researcher Tay Monahan stated in a post on the X platform on December 23 that hackers affiliated with the Democratic People's Republic of Korea (DPRK) had begun using the platform as early as October.
'Yall, the DPRK is not trading. The DPRK is doing tests,' Monahan added in a follow-up post.
Source: Tay Monahan
According to data from Dune Analytics, the total net outflow from this derivatives platform has exceeded $256 million in the past 30 hours.
On December 23, Hyperliquid's outflows reached a record high of $502.71 million, while inflows exceeded $253.5 million.
In the past 30 hours, Hyperliquid's total net outflow has exceeded $256 million. Source: Dune Analytics
Hyperliquid stated on its Discord server that they 'have noticed reports regarding suspected DPRK address activity. Hyperliquid has not been attacked by the DPRK, nor has it faced any other forms of attack. All user funds are safe.'
North Korean hackers, including the Lazarus Group, have stolen $1.3 billion worth of cryptocurrency this year, double the amount stolen last year, highlighting the intensified efforts to raise funds.
Monahan further claimed that Hyperliquid's security and infrastructure are largely centralized, relying solely on four validators.
Monahan's post triggered widespread reactions from crypto commentators, with Hyperliquid supporters accusing her of creating unnecessary panic.
According to data from TradingView, the exchange's native token Hyperliquid (HYPE) has also been affected, dropping 20% since reaching an all-time high of $35 on December 22, and is currently trading at about $28.
Nevertheless, other developers and security researchers continue to support Monahan's reputation as a security expert.
'Maybe you don't like Tay's way of communicating, but at least we're discussing this now: when the dogs of gold appear, it's at least equivalent to a secondary fire alarm,' wrote Laurence Day, co-founder of Wildcat Labs.
'I've had encounters with Lazarus before, and you definitely don't want to see them do something that looks 'stupid' because it's often not like that,' Day added in a follow-up post.
There are 'two lines of defense' in the face of significant attacks.
Anonymous developer Cygaar stated that if North Korea attacks Hyperliquid, two lines of defense can be used to prevent large-scale theft of USD Coin (USDC).
(Editor's note: Twitter content is automatically translated)
Summary of the HyperLiquid situation:
Disadvantages:
I wouldn't be surprised if North Korean hackers are looking for ways to attack.
It requires 3/4 of the validators to be compromised to withdraw the entire $2.3 billion USDC from the bridge.
Advantages:
Once an attack occurs, the two lines of defense can work to prevent funds from being stolen.
Circle can freeze the attacker's addresses to prevent the stolen funds from being used.
Arbitrum can roll back the chain to undo the attack and restore the HL bridge.
Conclusion:
I'm not completely panicking over this right now—if the worst happens, there are guardrails to protect.
First, it remains to be seen whether the validators will be compromised. I know nothing about HL's opsec, but considering each of the four validators is crucial, I think they would be very competent.
Source: Cygaar
Cygaar stated that the issuer of USDC, Circle, can blacklist these addresses to completely prevent them from transferring tokens, freezing the funds of potential threat actors.
'If they act quickly enough, they can prevent the attackers from trading the stolen USDC, effectively freezing the funds. This should allow Circle to return the funds to the HL bridge,' Cygaar added.
Secondly, Cygaar stated that the Arbitrum chain on which Hyperliquid is based can prevent fund loss by rolling back the chain. However, Day stated that an Arbitrum rollback 'will absolutely not' happen unless the chain faces a 'survival' threat.