Author: Azuma, Odaily
The popular project Hyperliquid (HYPE) today experienced the largest pullback since its launch.
Bitget's market data shows that as of around 2:00 pm Beijing time, HYPE was temporarily reported at 26.21 USDT, with a daily drop of as high as 20.5%.
Have North Korean hackers set their sights on Hyperliquid?
Looking at market news, the biggest event discussed in the Hyperliquid community today is a warning from the well-known security researcher Tay (@tayvano_) - several North Korean hacker addresses marked as such have recently been transacting on Hyperliquid, currently with a total loss of over $700,000.
Although as of the time of writing, Hyperliquid has not shown any signs of being attacked, but as Tay said, "If I were one of the 4 validators of Hyperliquid, I might have pissed my pants by now"... The signs of activity from the strongest hacking force in the cryptocurrency world may mean that North Korean hackers have identified Hyperliquid as a potential target and are testing the system's stability through transactions.
After Tay's post was released, it immediately sparked heated discussions in the community, especially the issue of the "4 validators" mentioned by Tay, which some community users even saw as the weakest link in the current Hyperliquid system security.
Potential threat: $2.3 billion relies on 3/4 multi-signature
Abstract developer cygaar explained that the Hyperliquid bridge contract deployed on Arbitrum currently has $2.3 billion in USDC, and most of the functions in this bridge contract require signatures from 2/3 of the validators to execute (since there are only 4 validators, it actually requires 3 signatures).
Assuming that the majority (3/4) of the validators are compromised, the compromised validators can submit a request to withdraw all the USDC on this bridge contract and send them to a malicious address. Since the attackers have control of the majority of the validators, they will be able to successfully pass and ultimately confirm the withdrawal request, meaning that the $2.3 billion in USDC will be transferred to the attackers.
There are currently two lines of defense to prevent these USDC from being lost forever.
The first line of defense is to defend at the USDC contract layer. Circle's blacklist mechanism can completely prohibit the transfer of USDC to specific addresses, and if they act quickly enough, they can prevent the attackers from transferring the stolen USDC, effectively freezing the funds and reimbursing the Hyperliquid bridge contract.
Regarding this line of defense, security expert ZachXBT commented that Circle's efficiency is very low and not to expect them to take any remedial action, but ZachXBT also clarified that this comment was only about Circle and did not involve any views on Hyperliquid.
The second line of defense is to defend at the Arbitrum network layer. The current Arbitrum L1/L2 bridge contract on Ethereum is protected by a 9/12 multi-signature contract (Security Council). Assuming the attackers somehow gain control of this $2.3 billion USDC and immediately convert it to other tokens, thereby avoiding Circle's blacklist mechanism. In theory, Arbitrum's Security Council can also change the state of the chain, roll back and prevent the initial attack transaction from occurring. In an "emergency", this council can vote to decide whether to intervene in this way.
cygaar added that the last line of defense is obviously highly controversial and should only be used in the most dire situations.
"Intentional FUD" or "Well-intentioned warning"? Community reactions are divided
Regarding Tay's warning post, the community reaction has shown a clear polarization.
On the one hand, some community members believe that Tay's warning is an exaggeration, especially after the HYPE price drop, many community users believe that Tay is just "intentionally FUDing".
· Some community members pointed out that North Korean hackers will target any protocol with high TVL, and the mere discovery of hacker traces does not mean the protocol is under threat;
· Some community members also pointed out that Tay himself actually works for ConsenSys, and his so-called "warning" may have ulterior motives, which is actually just to help ConsenSys reach the most favorable cooperation with the Hyperliquid team.
On the other hand, some well-known figures have also chosen to support Tay's security work.
· Well-known white hat hacker samczsun said that although Tay has been serving the cryptocurrency industry for free for several years, he is now being heavily criticized just because HYPE's price dropped sharply after this warning was released... It's really sad to see such news.
· Wintermute founder and CEO Evgeny Gaevoy also said that Tay's communication style may be a bit rough (this tweet was posted after Tay had a heated exchange with some users who accused him), but you can't ignore information like this.
In summary, for Hyperliquid, which has been smooth sailing since its launch, today's discussion can be said to be a not-so-small incident in the project's operation. It's not so small because some of Hyperliquid's system-level vulnerabilities have been exposed, and the community consensus on this incident has shown a certain degree of divergence... But as a leading project aiming to revolutionize industry rules, this incident is more of a touchstone than a difficulty, and how Hyperliquid will solve the 3/4 multi-signature issue and calm the FUD will also be a good opportunity for the market to re-evaluate the quality and efficiency of this project.
