Original title: Hyperliquid net outflows top $250M amid fears over North Korea hackers

Original author: Tom Mitchelhill

Original source: https://cointelegraph.com/news/hyperliquid-outflow-north-korea-exploit-fears

Compiled by: Tom, Mars Finance

In light of concerns over North Korean hackers, Hyperliquid's net outflow exceeded $250 million.

After security experts disclosed that North Korean threat actors had traded on the platform, Hyperliquid's net outflow exceeded $256 million.

Hyperliquid experienced its largest single-day outflow ever after security experts reported that North Korean hackers were trading on this new Layer-1 crypto derivatives platform.

MetaMask security researcher Tay Monahan mentioned in a post on the X platform on December 23 that hackers associated with the Democratic People's Republic of Korea (DPRK) had started using the platform as early as October.

"Yall, DPRK is not trading. DPRK is testing." Monahan added in a follow-up post.

Source: Tay Monahan

According to data from Dune Analytics, the total net outflow from this derivatives platform in the past 30 hours has exceeded $256 million.

On December 23, Hyperliquid's outflow reached a historic high of $502.71 million, while inflows exceeded $253.5 million.

In the past 30 hours, Hyperliquid's total net outflow has exceeded $256 million. Source: Dune Analytics

Hyperliquid stated on its Discord server that they 'have noted the relevant reports regarding suspected DPRK address activity. Hyperliquid has not been attacked by DPRK, nor has there been any other form of attack. All user funds are intact.'

North Korean hackers, including the Lazarus Group, have stolen $1.3 billion worth of cryptocurrency so far this year, double the amount stolen last year, highlighting intensified efforts to raise funds.

Monahan further claimed that Hyperliquid's security and infrastructure are largely centralized, relying solely on four validators.

Monahan's post sparked widespread reactions from crypto commentators, with supporters of Hyperliquid accusing her of causing unnecessary panic.

According to data from TradingView, the native token of the exchange, Hyperliquid (HYPE), has also been affected, having dropped 20% since reaching a historical high of $35 on December 22, currently trading at around $28.

Nevertheless, other developers and security researchers continue to support Monahan's reputation as a security expert.

"Maybe you don't like Tay's way of communicating, but at least we're discussing it now: When the hounds of gold appear, it's at least equivalent to a secondary fire alarm," wrote Laurence Day, co-founder of Wildcat Labs.

"I've encountered Lazarus before, and you don't want to see them do anything that looks 'stupid,' because it's often not like that." Day added in a follow-up post.

There are 'two lines of defense' in the face of significant attacks

Anonymous developer Cygaar stated that if North Korea attacks Hyperliquid, two lines of defense can be employed to prevent the large-scale theft of USD Coin (current price dropping to $1.00).

(Editor’s note: Twitter content translated automatically) Summary of the HyperLiquid situation:

Cons:

  • I wouldn't be surprised if North Korean hackers are looking for ways to attack.

  • It takes 3/4 of the validators to be compromised to withdraw the entire $2.3 billion USDC from the bridge.

Pros:

  • Once an attack occurs, the two lines of defense can work to prevent funds from being stolen.

  • Circle can freeze the addresses of the attackers to prevent the stolen funds from being used.

  • Arbitrum can roll back the chain to undo the attack and restore the HL bridge.

Conclusion:

  • I am not completely panicking over this right now - if the worst happens, there are guardrails to protect.

  • First, it remains to be seen whether the validators will be compromised. I know nothing about HL's opsec, but given that each of the four validators is crucial, I imagine they would be very skilled.

Source: Cygaar

Cygaar stated that the issuer of USDC, Circle, can blacklist these addresses to completely prohibit their transfer of tokens, freezing the flow of funds from potential threat actors.

"If they act quickly enough, they can prevent the attackers from trading the stolen USDC, effectively freezing the funds. This should allow Circle to return the funds to the HL bridge," Cygaar added.

Secondly, Cygaar stated that the Arbitrum Chain on which Hyperliquid is based can prevent fund losses by rolling back the chain. However, Day stated that unless the chain faces an 'existential' threat, Arbitrum rollback 'absolutely will not' happen.