HYPE single-day pullback exceeds 20%, are North Korean hackers targeting Hyperliquid?

OdailyNews
2024-12-23 17:58:31
As of the time of publication, there are no signs that Hyperliquid has encountered any attacks.

Author: Azuma, Odaily Planet Daily

The popular project Hyperliquid (HYPE) has encountered its largest pullback since its launch today.

According to Bitget market data, as of around 14:00 Beijing time, HYPE is reported at 26.21 USDT, with a daily drop of up to 20.5%.

North Korean Hackers Targeting Hyperliquid?

Across today's market news, the most discussed event in the Hyperliquid community is a warning from well-known security researcher Tay (@tayvano_): multiple addresses marked as North Korean hackers have recently been trading on Hyperliquid, with total losses exceeding 700,000 USD.

As of the time of writing, there are no signs of any attacks on Hyperliquid, but as Tay said, "If I were one of the 4 validators managing Hyperliquid, I might have already wet my pants"… Signs of activity from the strongest hacking force in the cryptocurrency world may indicate that North Korean hackers have identified Hyperliquid as a potential target and are testing the system's stability through trading.

Tay's post immediately sparked heated discussion within the community. The "4 validators" issue Tay mentioned drew especially intense debate, with some community users even viewing it as the weakest link in Hyperliquid's current system security.

Potential Threat: 2.3 Billion USD Reliant on 3/4 Multi-Signature

Abstract developer cygaar elaborated that there are currently 2.3 billion USD in USDC held in the Hyperliquid bridging contract deployed on Arbitrum, and most functions in this bridging contract require 2/3 of the validators' signatures to execute (since there are only 4 validators, 3 signatures are actually needed).

Assuming that the majority (3/4) of the validators are compromised, the compromised validators could submit a request to withdraw all USDC from the bridging contract and send them to a malicious address. Since the attackers control the vast majority of the validators, they would be able to pass and finalize the withdrawal request, meaning that 2.3 billion USD in USDC would be transferred to the attackers.
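The quorum arithmetic described above, as an added Python sketch that is not part of the original article and is not Hyperliquid's bridge code. It assumes "2/3" means at least two thirds of total signing power, and it goes beyond the four-equal-validators case to show unequal weights; all validator names and weights are constructed.

```python
# Simplified model of a 2/3 validator quorum (assumption: ">= 2/3 of total power").
# Validator ids and weights below are constructed for illustration.

def quorum(powers):
    """Smallest signing power that is at least 2/3 of the total (integer ceiling)."""
    return (2 * sum(powers.values()) + 2) // 3

def approves(powers, signers):
    """True if the distinct, known signers reach quorum.
    Duplicate and unknown ids are dropped so one key is never counted twice."""
    unique = set(signers) & set(powers)
    return sum(powers[v] for v in unique) >= quorum(powers)

def min_keys_to_control(powers):
    """Fewest validator keys whose combined power reaches quorum (safety margin)."""
    need, acc = quorum(powers), 0
    for count, p in enumerate(sorted(powers.values(), reverse=True), start=1):
        acc += p
        if acc >= need:
            return count
    return len(powers)

def max_offline_tolerated(powers):
    """Worst case: how many of the largest validators can be down
    while the rest can still reach quorum (liveness margin)."""
    need, remaining, down = quorum(powers), sum(powers.values()), 0
    for p in sorted(powers.values(), reverse=True):
        if remaining - p < need:
            break
        remaining -= p
        down += 1
    return down

FOUR_EQUAL = {"v1": 1, "v2": 1, "v3": 1, "v4": 1}       # the case in the article
SKEWED = {"v1": 50, "v2": 20, "v3": 15, "v4": 15}       # same count, unequal power
SIXTEEN_EQUAL = {f"v{i}": 1 for i in range(1, 17)}      # a larger equal set

if __name__ == "__main__":
    for name, vs in [("4 equal", FOUR_EQUAL), ("4 skewed", SKEWED),
                     ("16 equal", SIXTEEN_EQUAL)]:
        print(f"{name}: quorum={quorum(vs)} "
              f"keys_to_control={min_keys_to_control(vs)} "
              f"offline_tolerated={max_offline_tolerated(vs)}")
```

The skewed set shows that the number of validators alone does not set the margin: how signing power is distributed among them matters as much.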

Currently, there are two lines of defense that can intervene to prevent these USDC from being lost forever.

The first line of defense is to deploy measures at the USDC contract level. Circle's blacklist mechanism can completely prohibit specific addresses from transferring USDC, and if Circle acts quickly enough, it can prevent the attackers from transferring the stolen USDC, effectively freezing the funds and repaying the Hyperliquid bridging contract.

Regarding this line of defense, security expert ZachXBT commented that Circle is very inefficient, and one should not expect them to take any remedial action, but ZachXBT also clarified that this comment is directed only at Circle and does not reflect his views on Hyperliquid.

The second line of defense is to deploy measures at the Arbitrum network level. Currently, the Arbitrum L1/L2 bridging contract on Ethereum is protected by a 9/12 multi-signature contract (security committee). Suppose the attackers somehow control the 2.3 billion USDC and immediately exchange it for other tokens, thereby circumventing Circle's blacklist mechanism. Theoretically, the Arbitrum security committee could still change the state of the chain, roll it back, and prevent the initial attack transaction from occurring. In "emergency situations," the committee can vote to decide whether to intervene in this way.

cygaar added that the last line of defense is obviously highly controversial and should only be used in the most critical situations.

"Deliberate FUD" or "Good Faith Warning"? Mixed Reactions from the Community

In response to Tay's warning post, the community's reactions have shown a stark polarization.

On one hand, some community members believe that Tay's warning is exaggerated; especially after HYPE's decline, many community users think Tay is just "deliberately FUDding".

  • Some community members pointed out that North Korean hackers target every protocol with high TVL, not just Hyperliquid; merely discovering traces of hackers does not indicate that the protocol is under threat;

  • Other community members noted that Tay himself actually works for Consensys, and that his so-called "warning" is suspected of being self-interested, essentially just a way to ensure that Consensys can reach the most favorable cooperation with the Hyperliquid team.

On the other hand, some well-known figures have chosen to support Tay's security work.

  • Well-known white hat hacker samczsun stated that although Tay has been serving the cryptocurrency industry for free for several years, he has faced fierce criticism for this post, simply because HYPE's price dropped significantly after the warning was issued… It's really sad to see such news.

  • Evgeny Gaevoy, founder and CEO of Wintermute, also stated that Tay's communication style might be a bit rough (after the tweet was posted, Tay and some users who criticized him had a heated exchange), but you cannot ignore information like this.

In summary, for Hyperliquid, which has been smooth sailing since its launch, today's discussion can be seen as a minor incident in the project's operation. It is considered minor because Hyperliquid has not actually suffered an attack; it is considered significant because some weak links in the Hyperliquid system have been exposed, and there has been a certain degree of divergence in community consensus on this incident… But for a leading player aiming to change industry rules, this incident is more of a good litmus test than a difficulty. How Hyperliquid addresses the 3/4 multi-signature issue and quells the FUD will also be a good opportunity for the market to reassess the project's quality and efficiency.
