Hyperliquid Faces Controversy Over North Korean Hacker Transactions
“You either die a hero, or you live long enough to see yourself become the villain.” — Harvey Dent
Hyperliquid faced controversy 25 days after its highly acclaimed airdrop. Taylor Monahan, a security researcher at MetaMask, raised concerns about transactions linked to North Korea-tagged wallets, reporting a loss of $701k from ETH perps positions.
This amount is small for state-sponsored hackers, but the situation alarmed many due to the implication that North Korean hackers were learning to use Hyperliquid, likely to initiate a future attack. Monahan noted that Hyperliquid’s centralized validator set of four increases vulnerability to hacks.
Hyperliquid's liquidity is locked in a bridge from Arbitrum, where it previously functioned as a perps DEX application. After migrating to a Tendermint-consensus PoS L1 chain in March 2024, Hyperliquid retained this bridge as the sole onboarding method.
Dune analytics reported a record high net outflow of $114.7m in USDC liquidity in one day, although this remains a small portion of the total $2.22b in TVL.
Speculation surrounds a potential Hyperliquid hack, with requirements for attack success including compromising three of the four validators to meet a two-thirds quorum. If successful, natively minted USDC on Arbitrum could be frozen by Circle before hackers can convert stolen funds into assets like ETH. This process relies on legal actions, which may delay response times.
Alternatively, hackers might attempt to swap to USDC.e (Ethereum-native USDC tokens bridged to Arbitrum) onto Ethereum L1. Matt Fiebach from Entropy Advisors outlined that blocking such a transfer would be contingent upon the Arbitrum Security Council's discretion regarding critical risks associated with the protocol.
Lastly, finding sufficient liquidity venues for cashing out stolen funds poses a challenge, as $2 billion of liquidity is dispersed across various third-party bridges, leading to significant slippage issues.