Hyperliquid denies being attacked by North Korea's Lazarus group, although on-chain data shows evidence of large-scale fund withdrawals. The report states that on-chain data shows wallet addresses associated with North Korea collectively deposited and withdrew a significant amount of ETH on this platform on December 23.
Taylor Monahan, a security expert at MetaMask, warned that hackers do not need to interfere with user funds to violate security and have clearly identified vulnerabilities in Hyperliquid's system.
Hyperliquid: Lazarus' Next Target?
Hyperliquid, a decentralized exchange, has officially responded to the criticism through Discord. Rumors of an attack by North Korean hackers have spread today, leading users to withdraw $60 million from the platform. The platform's HYPE token had declined before this incident, forcing the official accounts to deal with the losses.
"There has been no mining from North Korea - or any mining - at Hyperliquid. All user funds are safe. Hyperliquid Labs takes OpSec very seriously. No one has reported any vulnerabilities. To be clear, there have never been any allegations of mining at Hyperliquid," one of the platform's directors announced on Discord.
Hyperliquid has not yet issued any public statements or announcements to explain the allegations. Instead, on-chain data reveals that accounts associated with Lazarus have deposited 476,489 USD worth of ETH tokens onto Hyperliquid before withdrawing them.
While this is not a clear sign of being hacked, it raises the question of why the platform witnessed a large withdrawal from suspicious wallet addresses in a single day.
However, MetaMask security expert Taylor Monahan urged more caution. The crypto industry is well aware of the severity of any incident involving the notorious Lazarus group. Therefore, Hyperliquid should take these threats seriously, according to the security expert.
North Korean Hackers Remain a Nightmare
The U.S. government believes Lazarus has stolen nearly $900 million. Overall, North Korean hackers have carried out some of the biggest hacks in the cryptocurrency sector in 2024. In fact, DPRK agents were behind the major Radiant Capital hack earlier this year, involving the breach of the platform's complex multisig wallet authentication system.
The speculation that similar entities may be interested in Hyperliquid is extremely concerning.
"I'm quite concerned that you guys are at a higher risk because the reality is we know that these specific threat actors are now familiar with your platform. I really want to emphasize that this is the most creative and advanced DPRK group. They are very creative and persistent," Monahan stated.
Monahan further noted that the platform's evasive and defiant attitude is a very concerning sign. Even if Lazarus has not disrupted any funds at Hyperliquid, they may have infiltrated its security system.
The MetaMask security expert also revealed that the company has no more than 4 auditors, all running the same code, and an undetermined number of higher-level individuals who may bypass key security vulnerabilities.
In summary, if the founders, executives, and engineers use the same devices to access dependent systems, a single malicious software link could compromise the entire operation. Lateral movement is a key strategy of North Korean hackers, where they exploit multiple access points to traverse the network.
Therefore, if a senior individual's personal device is compromised, a major attack becomes inevitable. However, so far, Hyperliquid does not seem overly concerned about these allegations.