Security Concerns Arise from Reports of DPRK-Linked Wallets
Hyperliquid Labs, a decentralised platform for perpetual futures trading, has firmly denied claims of being exploited by wallets linked to North Korean hackers.
Concerns arose after MetaMask security expert Taylor Monahan reported that flagged wallets tied to North Korea had executed trades on Hyperliquid, resulting in liquidations exceeding $700,000—an uncharacteristically small amount for state-sponsored hackers.
Several marked North Korean hacker addresses have recently been trading on Hyperliquid, with a total loss of more than $700,000, according to @tayvano_. Some community members are concerned that these trading activities may mean that North Korean hackers have identified…
— Wu Blockchain (@WuBlockchain) December 23, 2024
The controversy escalated when Monahan suggested the activity was likely a reconnaissance effort, with hackers testing Hyperliquid's defenses in preparation for a potential attack.
These fears triggered a wave of withdrawals, with over $194 million in USDC pulled from the platform on a single day, according to Hashed's Dune Analytics dashboard.
Monahan also highlighted the platform's vulnerability due to its highly centralised validator set, consisting of just four validators.
In a follow-up statement, Monahan urged Hyperliquid to take immediate steps to fortify its defenses, underscoring the urgency of addressing these security concerns.
A Possible Hyperliquid Hack?
Speculation about a potential Hyperliquid hack remains unsubstantiated, but if one were to occur, here is how it might unfold.
An attack on Hyperliquid’s bridge contract would require the compromise of three out of its four validators, achieving the necessary two-thirds quorum.
If successful, the hackers could attempt to move natively minted USDC on Arbitrum.
However, Circle, the USDC issuer, could theoretically freeze these funds—provided they receive and act upon court orders swiftly enough.
This legal process, often sluggish, might give experienced hackers the window needed to convert the stolen assets into uncensorable tokens like ETH.
Alternatively, they could swap the stolen USDC for Ethereum-native USDC.e tokens and transfer them to Ethereum's mainnet.
Everyone wanted Hyperliquid to respond to the allegations of an impending hack, so here it is.
TLDR: there is no exploit, all funds are safu. If a vulnerability is found, the team is always willing to listen as they have a bug bounty program. pic.twitter.com/VHYeUogvxs
— steven.hl (@stevenyuntcap) December 23, 2024
Matt Fiebach at Entropy Advisors explained:
“The only plausible path that would enable the Arbitrum security council as a line of defense would be if the hackers attempted to withdraw the funds through the canonical bridge, likely after swapping to ETH.”
He added:
“In this scenario, the elected Arbitrum Security would need to make the decision of whether effectively blocking this transfer was within their scope of 'addressing critical risks associated with the Arbitrum protocol and its ecosystem'.”
Liquidity limitations would also pose significant hurdles.
To offload $2 billion in stolen funds, hackers would need to spread transactions across various third-party bridges, incurring substantial slippage.
Prithvir Jhaveri, founder and CEO of Loch, a crypto portfolio analytics platform, has outlined the operational and regulatory risks Hyperliquid faces.
Jhaveri pointed to the vulnerabilities stemming from the platform's reliance on just four validators and highlighted potential regulatory breaches, including violations of US OFAC sanctions and SEC regulations.
[Trigger Warning]@HyperliquidX faces some serious risks.
I've organized them in descending order with mitigation logic where applicable.
1. OpSec
2. OFAC
3. SEC
4. Market-Maker Vault Concentration
5. Performance Degradation
6. FDV to Float Ratio
1. OpSec risk
Wallet… pic.twitter.com/pdU1zX5X5T
— Prithvir (@Prithvir12) December 23, 2024
These risks are amplified by Hyperliquid's interaction with entities in sanctioned regions and its potential classification as an unregistered broker.
Hyperliquid Denies Exploit Claims But Not All Convinced
Hyperliquid Labs has responded to recent allegations via its Discord channel, firmly denying any hack or exploit linked to DPRK-affiliated addresses.
Hyperliquid emphasized its commitment to operational security, citing a robust bug bounty programme and adherence to industry standards in blockchain analysis.
The team assured users that no vulnerabilities have been disclosed by security researchers or third parties, and all funds remain secure despite concerns over suspicious trading activity.
Hyperliquid Labs: We are aware of reports circulating regarding activity by supposed DPRK addresses. There has been no DPRK exploit - or any exploit for that matter - of Hyperliquid. All user funds are accounted for. Hyperliquid Labs takes opsec seriously. No vulnerabilities have… https://t.co/VI46V2O00g
— Wu Blockchain (@WuBlockchain) December 23, 2024
However, not everyone is convinced.
Nassim Eddequiouaq, a crypto developer and former head of information security for Andreessen Horowitz's crypto team, expressed concern, suggesting that North Korean hackers could already be inside Hyperliquid's infrastructure, strategising a more effective exploit.
I worked directly on DPRK's biggest bridge hack ever (Ronin), helped track BSC bridge hackers off-chain, and was at Apple in the security team at the time of the Pegasus spyware so I consider myself somewhat of an expert here.
I'd recommend the @HyperliquidX team to do the… https://t.co/y0aqUAqWJb
— Nass Eddequiouaq (@nassyweazy) December 23, 2024
While some in the crypto community echoed these warnings, others dismissed them as a “psyop” aimed at damaging Hyperliquid’s reputation.
bro, it's not that serious. Tay is just a larp and Consensys is pulling a psyops. pic.twitter.com/EjMINrJjwf
— ❀ 𝖑𝖎𝖑𝖑𝖎 ❀ (@lillipose) December 23, 2024
Notably, Hyperliquid's founders have yet to respond to an offer by Monahan, a prominent security expert, to review the platform’s security standards at no cost.
Muting this shit now.
HL hodlers convinced me it's fine because Arbitrum will roll back if HL gets hacked. 🫠
Really though this isn't a thing that is up for debate lol. We are well past that fucking point.
HL either acts to harden their system. Or they don't.
(Please do 🙏)
— Tay 💖 (@tayvano_) December 23, 2024
Volatility of HYPE Token Stabilises After Brief Dip
The allegations surrounding Hyperliquid and subsequent market concerns triggered a sharp decline in its native token, HYPE, which dropped over 25% from $34 on Sunday to $25 by Monday.
However, reassurances from Hyperliquid Labs about the security of user funds helped stabilise the token.
At the time of writing, HYPE had risen slightly to $25.80, marking a 1.40% recovery in the last 24 hours, according to CoinMarketCap.
Despite the volatility, Hyperliquid retains its position as a leading provider of on-chain perpetual futures trading, commanding over 55% of the market.
While recent events have tested investor confidence, the platform's dominant market position appears to be restoring trust among stakeholders.
Validator Infrastructure's Security Risks
Blockchain experts warn that Hyperliquid, a rapidly emerging DeFi platform, harbours significant security vulnerabilities that could make it a prime target for North Korea's sophisticated hacking operations.
Built with a focus on transaction speed, Hyperliquid relies on just four validators, a structure that raises red flags.
Monahan suggested that these validators might even be operated on devices the platform's founders use for personal activities like social media and video calls.
This overlap increases the risk of phishing attacks that could hand control of the network—and its billions in assets—over to hackers.
lol @ all you retards who think the risk is USG forcing Hyperliquid to freeze AAAAAAAAAAHHAHAHHHAHAHAHAHAHAHHAHHAHAHHAHAHHAHAHAHAHHAHAHHAHAHHAHAHAHHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHAHAHAAHAHHAHAHAHHAHAHAHHAHAHAHA
Yall, DPRK doesn't trade. DPRK tests.🤦♀️
— Tay 💖 (@tayvano_) December 22, 2024
Crypto developer Cygaar highlighted a particularly concerning vulnerability: Hyperliquid's bridge on Arbitrum One currently secures $2.3 billion in USDC.
With the platform’s two-thirds quorum requirement, compromising three validators would grant malicious actors access to the entire amount.
Hyperliquid owners should be glad that @tayvano_ flagged her concerns yesterday.
DPRK was gonna look into HL regardless of what anyone on this app says.
If the HL team wasn't already working on ensuring bridge and validator security, yesterday's tweet almost certainly has made… pic.twitter.com/MXNATXYHqm
— cygaar (@0xCygaar) December 23, 2024
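The two-thirds quorum arithmetic above, combined with the earlier concern that several validators may run on shared devices, can be checked by counting failure domains rather than validators. This is an added example, not code from Hyperliquid or from the article; the validator names, host labels and the `>=` threshold comparison are assumptions, and the sample sets are constructed.

```python
from fractions import Fraction

QUORUM = Fraction(2, 3)  # two-thirds quorum, as described in the article

def min_domains_to_quorum(validators, quorum=QUORUM):
    """Smallest number of failure domains (hosts, operators, key custodians)
    whose compromise yields enough voting power to reach quorum.

    validators: iterable of (name, voting_power, failure_domain).
    Returns (count, domains_in_order_taken).
    """
    power_by_domain = {}
    for _name, power, domain in validators:
        if power <= 0:
            raise ValueError("voting power must be positive")
        power_by_domain[domain] = power_by_domain.get(domain, 0) + power
    if not power_by_domain:
        raise ValueError("empty validator set")
    total = sum(power_by_domain.values())
    # Heaviest domains first is optimal: for any k, the k largest domains
    # hold the most power that any k domains can hold.
    ranked = sorted(power_by_domain.items(), key=lambda kv: (-kv[1], kv[0]))
    taken, held = [], 0
    for domain, power in ranked:
        taken.append(domain)
        held += power
        # Assumption: quorum is met at >= 2/3. The article does not say whether
        # the comparison is strict; 3 of 4 passes either way.
        if Fraction(held, total) >= quorum:
            return len(taken), taken
    raise ValueError("quorum fraction must not exceed 1")

# Constructed sample sets; validator names and host labels are hypothetical.
SEPARATE = [("val-1", 1, "host-a"), ("val-2", 1, "host-b"),
            ("val-3", 1, "host-c"), ("val-4", 1, "host-d")]
SHARED = [("val-1", 1, "laptop-x"), ("val-2", 1, "laptop-x"),
          ("val-3", 1, "host-c"), ("val-4", 1, "host-d")]
ONE_DEVICE = [("val-1", 1, "laptop-x"), ("val-2", 1, "laptop-x"),
              ("val-3", 1, "laptop-x"), ("val-4", 1, "host-d")]
LARGER = [(f"val-{i}", 1, f"host-{i}") for i in range(16)]

if __name__ == "__main__":
    for label, vset in [("4 validators, 4 hosts", SEPARATE),
                        ("4 validators, 2 share a device", SHARED),
                        ("4 validators, 3 share a device", ONE_DEVICE),
                        ("16 validators, 16 hosts", LARGER)]:
        count, domains = min_domains_to_quorum(vset)
        print(f"{label}: {count} independent compromise(s) reach quorum")
```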
Experts have proposed potential safeguards, such as Circle, the issuer of USDC, blacklisting hacker-associated wallets to immobilise stolen funds.
Alternatively, the Arbitrum multi-signature security council could reverse malicious transactions, though this approach faces criticism for undermining decentralisation.
The stakes are high, and these risks spotlight the urgent need for enhanced security measures.