Hyperliquid has seen its largest single-day outflow of funds after security experts reported that North Korean hackers are trading on the new layer-1 cryptocurrency derivatives platform.
MetaMask security researcher Tay Monahan reported in a post on December 23 that hackers affiliated with the Democratic People's Republic of Korea (DPRK) have been using this platform since at least October.
"Hey, DPRK is not trading. DPRK is testing," Monahan added in a follow-up post.
The actual outflow from this derivatives platform has exceeded $256 million over the past 30 hours, according to data from Dune Analytics.
The outflow from Hyperliquid on December 23 reached a record $502.71 million, while the inflow was over $253.5 million.
Hyperliquid has stated on its Discord server that they "are aware of the reports circulating about activity from addresses allegedly associated with the DPRK. There has been no DPRK attack – or any attack – on Hyperliquid. All user funds are safe."
North Korean hackers like the Lazarus group have stolen $1.3 billion worth of cryptocurrency so far this year (double the amount they siphoned off last year) to bolster leader Kim Jong Un's efforts to amass funds for the sanctions-hit nation.
Monahan also claimed that Hyperliquid's security and infrastructure are largely centralized, relying on only four validators.
Monahan's post has sparked a flurry of reactions from cryptocurrency experts, with Hyperliquid supporters accusing her of creating unnecessary fear.
The Hyperliquid token (HYPE) has also been affected, dropping 20% from its all-time high of $35 on December 22; it is currently trading at $28, according to data from TradingView.
However, other developers and security researchers have backed Monahan's credibility as a security expert in the cryptocurrency industry.
"You may not like how Tay communicates, but at least we're discussing: Kim's [Jong Un] henchmen showing up is always a two-alarm signal," Wildcat Labs co-founder Laurence Day wrote.
"I've encountered the Lazarus group before, and you DO NOT want them doing anything that seems 'silly' because it usually isn't," Day added in a later post.
There Are "Two Lines of Defense" in Case of a Major Exploit
Anonymous developer Cygaar said that if North Korea attacks Hyperliquid, there are two lines of defense that could be used to prevent the large-scale theft of USD Coin (USDC).
First, Cygaar said that the issuer of USDC, Circle, could blacklist addresses from transferring the token entirely, freezing the movement of funds tied to potential threats.
"If they act quickly enough, they could prevent the attacker from being able to trade the stolen USDC and effectively freeze the funds. This would allow Circle to refund the funds back to the HL bridge," he added.
Secondly, Cygaar said that the Arbitrum chain — the network that Hyperliquid is built on — could roll back the chain to prevent the loss of funds. However, Day said that rolling back Arbitrum "absolutely would not" happen unless there was an "existential threat" to the chain.