Original Title: (HYPE daily correction exceeds 20%, Are North Korean hackers targeting Hyperliquid?)

Original Author: Azuma, Odaily Planet Daily

The hot project Hyperliquid (HYPE) faced the largest round of correction since its launch today.

Bitget market shows that as of around 14:00 Beijing time, HYPE is reported at 26.21 USDT, with a daily decline of up to 20.5%.

Are North Korean hackers targeting Hyperliquid?

Looking around the market news, the largest event discussed in the Hyperliquid community today is a warning from well-known security researcher Tay (@tayvano_)—multiple North Korean hacker addresses that have been flagged are trading on Hyperliquid recently, with total losses exceeding $700,000.

Although as of the publication date, Hyperliquid has shown no signs of being attacked, as Tay said, 'If I were one of the 4 validators managing Hyperliquid, I might have already wet my pants'... Signs of activity from the strongest hacking power in the cryptocurrency world may indicate that North Korean hackers have targeted Hyperliquid as a potential target and are testing the system's stability by executing transactions.

After Tay's post was issued, it immediately sparked heated discussions within the community, especially regarding the '4 validators' issue mentioned by Tay, which led to intense discussions. Some community users even regarded it as the current weakest link in Hyperliquid's system security.

Potential Threat: $2.3 billion relying solely on 3/4 multi-signature.

Abstract developer cygaar explained that there are currently $2.3 billion of USDC coexisting in the Hyperliquid bridging contract deployed on Arbitrum, and most functions in that bridging contract require 2/3 of the validators' signatures to execute (since there are only 4 validators, 3 signatures are actually needed).

Assuming that the majority (3/4) of the validators are compromised, the compromised validators can submit a request to withdraw all USDC from the bridging contract and send them to a malicious address. Since the attackers have controlled the vast majority of the validators, they will be able to pass and eventually confirm that withdrawal request, which means that $2.3 billion of USDC will be transferred to the attackers.

Currently, there are two defenses that can intervene to prevent these USDC from being permanently lost.

The first line of defense is set up at the contract level of USDC. Circle's blacklist mechanism can completely prohibit specific addresses from transferring USDC. If they act quickly enough, they can prevent attackers from transferring stolen USDC, effectively freezing funds and repaying the Hyperliquid bridging contract.

Regarding this defense line, security expert ZachXBT commented that Circle's efficiency is very low, and do not expect them to make any remedies, but ZachXBT also clarified that this comment is only directed at Circle and does not involve views on Hyperliquid.

The second defense line is set up at the Arbitrum network level. Currently, the Arbitrum L1/L2 bridging contract on Ethereum is protected by a 9/12 multi-signature contract (security committee). Assuming that an attacker somehow controls these 2.3 billion USDC and immediately exchanges them for other tokens, thereby circumventing Circle's blacklist mechanism. Theoretically, the Arbitrum security committee can also change the chain's state, roll back, and prevent the original attack transaction from occurring. In an 'emergency', the committee can vote to decide whether to intervene.

Cygaar added that the last line of defense is clearly controversial and should only be used in the most critical situations.

‘Deliberate FUD’ or ‘Good Faith Warning’? Community reactions are mixed.

The community response to Tay's warning post has shown a distinct polarization.

On one hand, some community members believe that Tay's warning is exaggerated, especially after HYPE's decline, many community users think Tay is just engaging in 'deliberate FUD'.

· Some community members pointed out that North Korean hackers target every protocol with a high TVL, not just Hyperliquid. Simply discovering traces of hackers does not mean the protocol is under threat;

· Some community members also pointed out that Tay actually works for Consensys, and his so-called 'early warning' is suspected to be driven by interests, actually just to ensure that Consensys can reach the most favorable cooperation with the Hyperliquid team.

On the other hand, some prominent figures chose to support Tay's security work.

· Well-known white hat hacker samczsun stated that although Tay has served the cryptocurrency industry for free for several years, he has been fiercely criticized for this post, simply because HYPE's price plummeted significantly after the warning was released... It's really sad to see such news.

· Wintermute founder and CEO Evgeny Gaevoy also stated that Tay's communication style may be a bit rude (after this tweet was published, Tay had a heated exchange with some users who criticized him), but you cannot ignore information like this.

In summary, for Hyperliquid, which has been smooth sailing since its launch, today's discussion can be seen as a relatively minor incident in the project's operation process. It is not big because Hyperliquid has not actually been attacked; it is not small because some weak links at the system level of Hyperliquid have been exposed, and community consensus has shown a certain degree of divergence on this incident... But as a leading player aiming to change industry rules, this incident can be seen as a good litmus test. How Hyperliquid will address the 3/4 multi-signature issue and quell UFD will also be a good opportunity for the market to reassess the quality and efficiency of the project.

Original Link