On-chain evidence, Hyperliquid refutes North Korean hack


Hyperliquid denies being attacked by North Korea's Lazarus group, although on-chain data shows evidence of large-scale fund withdrawals. According to the report, wallet addresses associated with North Korea collectively deposited and withdrew a significant amount of ETH on the platform on December 23.

Taylor Monahan, a security expert at MetaMask, warned that hackers do not need to interfere with user funds to breach security and have clearly identified vulnerabilities in Hyperliquid's system.

Hyperliquid: Lazarus' Next Target?

Hyperliquid, a decentralized exchange, has officially responded to the criticism through Discord. Rumors of an attack by North Korean hackers spread today, leading users to withdraw $60 million from the platform. The platform's HYPE token had already declined before this incident, forcing the official accounts to deal with the damage.

"There has been no exploit from North Korea - or any exploit - at Hyperliquid. All user funds are safe. Hyperliquid Labs takes OpSec very seriously. No one has reported any vulnerabilities. To be clear, there have never been any allegations of an exploit at Hyperliquid," one of the platform's directors announced on Discord.

Hyperliquid has not yet issued any public statement or announcement to explain the allegations. Instead, on-chain data reveals that accounts associated with Lazarus deposited 476,489 USD worth of ETH on Hyperliquid before withdrawing it.

While this is not a clear sign of an exploit, it raises the question of why the exchange witnessed a large withdrawal from suspicious wallet addresses in a single day.

Lazarus Group Deposits Funds on Hyperliquid. Source: LookOnChain

However, MetaMask security expert Taylor Monahan urges more caution. The crypto industry is well aware of the severity of any incident involving the notorious Lazarus group. Therefore, Hyperliquid should take these threats seriously, according to the security expert.

North Korean Hackers Remain a Nightmare

The U.S. government believes Lazarus has stolen nearly $900 million. Overall, North Korean hackers have carried out some of the biggest hacks of 2024 in the cryptocurrency sector. In fact, DPRK agents were behind the major Radiant Capital hack earlier this year, which involved a breach of the platform's complex multisig wallet authentication system.

The speculation that similar entities may be interested in Hyperliquid is extremely concerning.

"I'm quite concerned that you guys are at a higher risk because the reality is we know that these specific threat actors are now familiar with your platform. I really want to emphasize that this is the most creative and advanced threat group out of all the DPRK groups. They are very creative and persistent," Monahan stated.

Monahan further noted that the exchange's evasive and defiant attitude is a very concerning sign. Even if Lazarus has not disrupted any funds at Hyperliquid, they may have infiltrated its security system.

The MetaMask security expert also revealed that the company has no more than 4 auditors, all running the same code, and an undetermined number of higher-level individuals who may bypass security vulnerabilities.

In summary, if the founders, executives, and engineers use the same devices to access dependent systems, a single malicious software link could compromise the entire operation. Lateral movement is one of the North Korean hackers' key strategies, where they exploit multiple access points to traverse the network.

Therefore, if a senior individual's personal device is compromised, a major attack becomes inevitable. However, so far, Hyperliquid does not seem overly concerned about these allegations.

Bitcoin News compiled
