Allegations of insolvency and backdoors have thrust Hyperliquid, currently the hottest derivatives protocol, into the spotlight. But this is more than just a public relations crisis; it's a stress test of the boundaries of transparency in high-performance DeFi.
Written by: angelilu, Foresight News
On December 20, 2025, a technical article titled " Reverse Engineering Hyperliquid " published on blog.can.ac directly disassembled Hyperliquid's binary files through reverse engineering, accusing it of nine serious problems ranging from "insolvency" to a "God mode backdoor." The article bluntly stated: "Hyperliquid is a centralized exchange disguised as a blockchain."
In response to FUD (Fear, Uncertainty, and Uncertainty), Hyperliquid released a lengthy statement, which may not only be a simple clarification but also a declaration of intent regarding "who is the truly decentralized trading facility." While the official statement successfully clarified the issue of fund security, it still left intriguing "blank spaces" in certain sensitive areas of decentralization.
Where did the $362 million go? Audit blind spots under the "dual ledger" system.
The most damaging allegation is that user assets within the Hyperliquid system are $362 million less than on-chain reserves. If true, this would mean it's a partially-reserved "on-chain FTX."
However, after investigation, this was found to be a misinterpretation due to information asymmetry caused by an "architectural upgrade." The auditor's logic was: Hyperliquid reserves = USDC balance on the Arbitrum cross-chain bridge. Based on this logic, he checked the cross-chain bridge address and found that the balance was indeed less than the user's total deposits.
Hyperliquid responded that it is undergoing a complete evolution from an "L2 AppChain" to an "independent L1". In this process, asset reserves have become a dual-track system.
The accusers completely ignored the native USDC located on HyperEVM, according to on-chain data (as of press time):
- Arbitrum cross-chain balance: 3.989 billion USDC (verifiable on Arbiscan )
- HyperEVM native balance: 362 million USDC (verifiable on Hyperevmscan)
- HyperEVM contract balance: 0.59 billion USDC
Total solvency = 3.989 billion + 362 million + 59 million ≈ 4.351 billion USDC
This figure perfectly matches the total user balances on HyperCore. The so-called "362 million shortfall" is precisely the native assets that have been migrated to HyperEVM. This is not a disappearance of funds, but rather a transfer of funds between different ledgers.
The 9-point accusation statement: What did it clarify? What did it evade?
Clarified allegations
Accusations: "CoreWriter" God Mode: Accusations allege that it can print money out of thin air and misappropriate funds.
Response: The official explanation is that this is an interface for L1 to interact with HyperEVM (such as staking), and the permissions are limited, and there is no ability to misappropriate funds.
Allegations: A funding gap of 362 million.
Response: As mentioned above, Native USDC was not included.
Allegation: Undisclosed loan agreement.
Response: The official statement indicated that the document for the spot/lending function (HIP-1) has been made public and is in the pre-release stage, not operating in secrecy.
Allegations admitted but with reasonable explanation
The allegation is that the binary file contains code to "modify transaction volume" (TestnetSetYesterdayUserVlm).
Response: The existence of this code is acknowledged. However, it is explained as residual code from the testnet used to simulate rate logic; the mainnet nodes have physically isolated this path and it cannot be executed.
The allegation is that only 8 broadcast addresses were able to submit transactions.
Response: Acknowledgment. Explained as an anti-MEV (Maximum Extractable Value) measure to prevent users from being preemptively acquired. A commitment was made to implement a "multi-proposer" mechanism in the future.
The allegation is that the blockchain can be "planned to freeze" and has no way to undo it.
Response: Acknowledgement. Explanation: This is the standard procedure for network upgrades, requiring a complete network pause for version switching.
The allegation is that oracle prices can be instantly overwritten.
Response: This is explained as a system security design feature. To promptly liquidate bad debts during extreme fluctuations like 10/10, the validator oracle does not have a time lock.
Response missing/vague
In our review, two allegations were not addressed or fully resolved in the official response:
The allegation is that governance proposals are unqueryable; users can only see that a vote has taken place, but the on-chain data does not contain the specific text content of the proposals.
Response: The official statement did not address this point in its lengthy post. This means that Hyperliquid's governance remains a "black box" for ordinary users; you can only see the results, not the process.
Allegations: The cross-chain bridge has no "escape hatch," withdrawals may be subject to indefinite review, and users cannot force withdrawals back to L1.
Response: While the official explanation for locking the bridge in the POPCAT incident was for security, it did not refute the fact that the architecture had no escape pod. This indicates that at the current stage, the entry and exit of user assets highly depends on the validator set's approval and does not possess the censorship-resistant forced withdrawal capabilities of L2 Rollups.
"Comparing and belittling" competitors
The most interesting aspect of this controversy is that it forced Hyperliquid to reveal its true strength, giving us a chance to re-examine the landscape of the Perp sector. In its response, the official response unusually took a dig at competitors, targeting Lighter, Aster, and even industry giant Binance.
It states, "Lighter uses a single centralized sequencer whose execution logic and zero-knowledge proof (ZK) circuitry are not publicly disclosed. Aster uses centralized matching and even offers dark pool trading, which can only be implemented with a single centralized sequencer and an unverifiable execution process. Some other protocols that include open-source contracts do not have verifiable sequencers."
Hyperliquid openly categorizes these competitors as relying on a "centralized sequencer." The official statement emphasizes that on these platforms, no one except the sequencer operator can see a complete snapshot of the state (including order book history and position details). In contrast, Hyperliquid attempts to eliminate this "privilege" by having all validators execute the same state machine.
This wave of criticism may stem from Hyperliquid's concerns about its current market share. According to DefiLlama's trading volume data over the past 30 days, the market structure has become a three-way competition:
- Lighter: With a trading volume of $232.3 billion, it currently ranks first, accounting for approximately 26.6%.
- Aster: With a trading volume of $195.5 billion, it ranks second, accounting for approximately 22.3%.
- Hyperliquid: With a trading volume of $182 billion, it ranks third, accounting for approximately 20.8%.
Faced with the surging trading volumes of Lighter and Aster, Hyperliquid attempted to play the "transparency" card—that is, "Although I have 8 centralized broadcast addresses, my entire state is on-chain and verifiable; while you can't even check it." However, it's worth noting that while Hyperliquid lags slightly behind the top two in trading volume, it overwhelmingly dominates in terms of open interest (OI).
Public opinion response: Who is short HYPE?
Beyond technical and funding issues, the community is also most concerned about recent rumors that the HYPE token has short and dumped by "insiders." In response, a Hyperliquid team member gave their first definitive statement on Discord: "The short short address starting with 0x7ae4 belongs to a former employee," who was a team member but was dismissed in early 2024. This former employee's personal trading activities are unrelated to the current Hyperliquid team. The platform emphasizes that it currently implements extremely strict HYPE trading restrictions and compliance reviews for all current employees and contractors, strictly prohibiting insider trading using their positions.
This response attempts to downgrade the allegations of "team misconduct" to "the individual actions of a former employee," but the community may still expect more detailed disclosure regarding the transparency of the token distribution and unlocking mechanisms.
Don't trust, Verify
Hyperliquid's clarification tweet was a textbook example of crisis management—it didn't rely on emotional outbursts, but rather on data, code links, and architectural logic. Instead of simply proving its innocence, it turned defense into offense, reinforcing its brand and advantage of "full state on-chain" by comparing its architecture with competitors.
Although FUD has been disproven, this event has left the industry with profound reflections. As DeFi protocols evolve into independent application chains (AppChains), their architectures are becoming increasingly complex, and asset distribution is becoming increasingly fragmented (Bridge + Native). The traditional method of checking accounts by "glancing at the contract balance" is no longer effective.
For Hyperliquid, proving that "money is there" is only the first step. The crucial step towards becoming the "ultimate DEX" is to gradually transfer control of the eight commit addresses while maintaining high performance and MEV resistance, truly achieving the leap from "transparent centralization" to "transparent decentralization."
For users, this incident once again confirms the ironclad rule of the crypto world: don't trust any narrative, verify every single byte.
