MetaMask security researcher Taylor Monahan (@tayvano_) has warned that North Korean state hackers are active on the fast-growing exchange Hyperliquid, setting off a clash with Hyperliquid's supporter community. The warning has thrown cold water on the steadily rising HYPE token, which is certainly not what that community wants to see. What happened between Hyperliquid and the North Korean hackers, and how has Hyperliquid responded?
MetaMask Security Researcher Taylor Monahan: Hyperliquid May Be in Big Trouble
MetaMask security researcher Taylor Monahan revealed on 12/23 that addresses tagged as North Korean (DPRK) hacker addresses had moved onto Hyperliquid and opened 20x leveraged ETH longs, ultimately losing about $700,000. For Monahan this is a critical signal:
"Those who think the risk of Hyperliquid is being frozen by the US government are idiots. North Korean hackers don't trade coins; they only 'test'."
Monahan told Hyperliquid that she or her colleagues are willing to help, and urged the team to toughen up and confront the North Korean intrusion. She said that if she were running Hyperliquid with only four validators, she would be scared to death.
Where the Risk in Hyperliquid's System Comes From
Monahan explained that Hyperliquid has no more than four validators, all running the same code and quite possibly co-located. The centralized infrastructure and build systems are maintained and accessed by an unknown number of founders, managers and engineers, who reach those systems from the same devices they use to chat with people, take VC calls and read Twitter.
The initial entry point will look the way it always does: a message from someone the target knows, or should know, carrying an eye-catching link or document that the target is expected to open and wants to read.
She said: "That will silently deliver malware. The malware will be the same variants we've seen before. If they really wanted to move quickly they'd use a Chrome 0-day, but that isn't necessary here, so they won't."
She stressed that the attack itself is about money: once they gain access, they will drain everything. The risk can be reduced by hardening, and here education, access restriction, monitoring and detection are all very effective. Don't put all your eggs in one basket, and don't run the pre-built unsigned binaries that everyone else uses. These are also things DeFi protocols never do, because they are busy auditing their smart contracts, designing token economics and tweeting.
"If you don't believe me, ask the team whether every engineer with access to critical systems uses a dedicated device managed by Hyperliquid." The answer will be no, Monahan said. Those will be personal devices, with no antivirus (AV) and no endpoint detection and response (EDR). In fact they don't even know whether they are infected; they only know their funds haven't been stolen yet.
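Monahan's point about pre-built unsigned binaries is the one part of this that can be shown in code. The block below is an added example, not code from Hyperliquid, Monahan or MetaMask: it checks downloaded release artifacts against a `sha256sum`-style manifest obtained out of band and refuses to install if any file mismatches or is not listed at all. The manifest, filenames and file contents are constructed for the example (the two digests are the standard NIST SHA-256 test vectors for "abc" and the empty string). A checksum only proves the file matches what the manifest says; the manifest itself still has to arrive over a trusted channel or carry a signature (minisign, gpg) verified against a pinned key, which this example deliberately leaves out.

```python
import hashlib
import hmac

# Well-known SHA-256 test vectors (sha256(b"abc") and sha256(b"")) used to build
# the constructed manifest below.
SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
SHA256_EMPTY = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Constructed release manifest in `sha256sum` format (digest, two spaces, filename).
# In practice this text is fetched over a different channel than the binaries
# (a signed release page, a pinned manifest in version control), never from the
# same mirror that served the binary.
RELEASE_MANIFEST = f"""\
{SHA256_ABC}  node-linux-amd64
{SHA256_EMPTY}  node-config.toml
"""

# Constructed "downloaded" artifacts: filename -> bytes.
DOWNLOADED = {
    "node-linux-amd64": b"abc",            # matches the manifest
    "node-config.toml": b"",               # matches the manifest
    "node-helper": b"unlisted payload",    # not in the manifest at all
}

HEX_DIGITS = set("0123456789abcdef")


def parse_manifest(text: str) -> dict:
    """Parse `sha256sum`-style lines into {filename: lowercase hex digest}.
    Malformed lines raise instead of being skipped silently."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <file>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        if len(digest) != 64 or set(digest) - HEX_DIGITS:
            raise ValueError(f"manifest line {lineno}: bad SHA-256 digest")
        expected[name] = digest
    return expected


def verify_bytes(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the artifact digest with the expected one."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


def verify_release(files: dict, manifest_text: str) -> dict:
    """Return a verdict per downloaded file: 'ok', 'mismatch' or 'unlisted'.
    Anything other than 'ok' means the file must not be executed or installed."""
    expected = parse_manifest(manifest_text)
    verdicts = {}
    for name, data in files.items():
        if name not in expected:
            verdicts[name] = "unlisted"
        elif verify_bytes(data, expected[name]):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def safe_to_install(verdicts: dict) -> bool:
    """Fail closed: every downloaded file must verify, not just the listed ones."""
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


if __name__ == "__main__":
    result = verify_release(DOWNLOADED, RELEASE_MANIFEST)
    print(result, "install" if safe_to_install(result) else "REFUSE")
```

The check mirrors `sha256sum -c` but fails closed on files the manifest does not mention, which `sha256sum -c` does not flag; an extra "helper" binary dropped next to a verified release is exactly the kind of artifact a compromised mirror or build pipeline would add.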
Overblown, or a Prophet Telling You to Run?
Some commenters felt that if Monahan's assumptions hold, the concerns are indeed warranted, though perhaps Hyperliquid has already addressed these basic security issues.
Others said they themselves have been targeted by North Korea many times: hackers constantly try to access their accounts, phish them and so on, and Monahan is the first person they turn to for help. If she is proactively warning you and offering help, it should be taken seriously. Many who trust Monahan say that although she is always blunt, she cares deeply about industry security and is willing to help.
Unforeseeable Centralization Risks
One more potential risk: Hyperliquid uses an order-book model, and although users trade from their own wallets, they must first deposit funds into Hyperliquid to trade. Assets are only self-custodied again once the user withdraws them back to their own wallet. In substance this resembles a centralized exchange, but centralized exchanges today carry anti-money-laundering and counter-terrorist-financing obligations, and KYC (customer identity verification) is a baseline requirement. Hyperliquid currently operates under the banner of an on-chain application, and if funds from North Korean hackers or other internationally sanctioned entities pass through it, that may well bring further regulatory risk.
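The DPRK-tagged addresses that started this story, and the AML exposure described above, both come down to the same operational question: does the venue screen deposits against flagged addresses before accepting them? The block below is an added example of that screening, not tooling from Hyperliquid or from any analytics provider. The flag list, the deposits and the `funded_by` field (the address one hop upstream of each depositor) are all constructed placeholders; a real deployment would pull the list from a blockchain-analytics provider or sanctions feed and use its risk scores across more hops, so the one-hop check here is a floor, not a ceiling.

```python
import re

EVM_ADDRESS = re.compile(r"^0x[0-9a-fA-F]{40}$")

# Constructed flag list: placeholder addresses, not real attributions. In production
# this comes from a blockchain-analytics provider or sanctions feed and is refreshed
# continuously; a stale list is how flagged funds slip through.
FLAGGED_ADDRESSES = {
    "0x00000000000000000000000000000000000000a1": "DPRK-linked (constructed example)",
    "0x00000000000000000000000000000000000000b2": "sanctioned mixer cash-out (constructed example)",
}

# Constructed sample deposits. "funded_by" is the address that sent the depositor its
# gas/collateral, i.e. one hop upstream, the cheapest exposure check to run.
SAMPLE_DEPOSITS = [
    {"tx": "0xtx1", "from": "0x00000000000000000000000000000000000000A1",
     "funded_by": "0x0000000000000000000000000000000000000001", "usdc": 250_000},
    {"tx": "0xtx2", "from": "0x0000000000000000000000000000000000000002",
     "funded_by": "0x00000000000000000000000000000000000000b2", "usdc": 90_000},
    {"tx": "0xtx3", "from": "0x0000000000000000000000000000000000000003",
     "funded_by": "0x0000000000000000000000000000000000000004", "usdc": 1_200},
]


def is_evm_address(addr) -> bool:
    return isinstance(addr, str) and EVM_ADDRESS.match(addr) is not None


def normalize(addr: str) -> str:
    """Lower-case an address so an EIP-55 mixed-case spelling of a flagged address
    cannot bypass a case-sensitive lookup."""
    if not is_evm_address(addr):
        raise ValueError(f"not an EVM address: {addr!r}")
    return addr.lower()


def screen_deposit(dep: dict, flagged: dict = FLAGGED_ADDRESSES):
    """Return an alert for a single deposit, or None if nothing matched.
    Direct hits are blocked; one-hop exposure is queued for review."""
    sender = normalize(dep["from"])
    source = normalize(dep["funded_by"])
    if sender in flagged:
        return {"tx": dep["tx"], "severity": "block", "usdc": dep["usdc"],
                "reason": f"depositor flagged: {flagged[sender]}"}
    if source in flagged:
        return {"tx": dep["tx"], "severity": "review", "usdc": dep["usdc"],
                "reason": f"funded by flagged address: {flagged[source]}"}
    return None


def screen_batch(deposits, flagged: dict = FLAGGED_ADDRESSES) -> list:
    return [a for a in (screen_deposit(d, flagged) for d in deposits) if a is not None]


def blocked_exposure(deposits, flagged: dict = FLAGGED_ADDRESSES) -> int:
    """Total USDC from directly flagged depositors, the first number a regulator asks for."""
    return sum(a["usdc"] for a in screen_batch(deposits, flagged) if a["severity"] == "block")


if __name__ == "__main__":
    for alert in screen_batch(SAMPLE_DEPOSITS):
        print(alert)
    print("blocked USDC:", blocked_exposure(SAMPLE_DEPOSITS))
```

Two details matter more than they look. Addresses are normalized before lookup because the same account can be written in mixed EIP-55 case or all lower case, and a case-sensitive set membership test silently misses one of them. And the two severities are kept distinct: a direct hit is a refusal, while one-hop exposure is a review item, since blocking every account ever touched by a flagged wallet would freeze innocent users and still not satisfy anyone asking how much flagged money actually entered the venue.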
Hyperliquid Responds Firmly: No Problem
In response to Monahan's warning, Hyperliquid replied firmly on Discord:
"Hyperliquid Labs is aware of reports of alleged activity from addresses marked as North Korean (DPRK). We clarify here that Hyperliquid has not been subject to any attack from North Korea or any other form of attack. All user funds have been verified to be intact.
Hyperliquid Labs has always placed a high emphasis on operational security (opsec). So far, no one has reported any vulnerabilities. As before, we have a generous bug bounty program and use industry-leading standards for blockchain analysis.
Previously, someone claiming to be a security-related party tried to contact us. To clarify, there have never been any allegations of an attack on Hyperliquid. This party added a fraudulent account to the group chat and then communicated in an insulting manner. Given the level of professionalism shown, the development team has instead engaged with trusted partners and confirmed that its operations follow best-practice standards."
Hyperliquid Sees Significant USDC Outflows
According to Dune Analytics, since the reports surfaced the Hyperliquid bridge, which still lives on Arbitrum, has seen tens of millions of USDC in outflows. USDC held in Hyperliquid, which had peaked at 2.06 billion, has fallen to 1.675 billion.
The HYPE token itself, however, has not been hit: it is up nearly 5% on the day and still trades at $29.95.
Risk Warning
Cryptocurrency investment is highly risky; prices can swing dramatically and you may lose your entire principal. Please evaluate the risks carefully.