Hyperliquid Faces Record Outflow Amid North Korean Hacker Activity

Hyperliquid, a newly launched layer-1 crypto derivatives platform, has faced its largest single-day outflow after allegations surfaced of North Korean hackers exploiting the platform.

The controversy began on December 23 when Tay Monahan, a security researcher at Metamask, claimed in an X post that hackers linked to the Democratic People’s Republic of Korea (DPRK) had been using Hyperliquid since October.

“DPRK doesn’t trade. DPRK tests,” Monahan remarked in a follow-up post, raising alarm about the platform’s vulnerabilities.

Over $256M Withdrawn From Hyperliquid

The allegations have triggered significant outflows from Hyperliquid, with Dune Analytics reporting $256 million in net withdrawals over 30 hours.

On December 23 alone, the platform saw outflows peak at $502.71 million, with inflows reaching $253.5 million.

In response, Hyperliquid reassured users via its Discord server, stating, “There has been no DPRK exploit—or any exploit for that matter—of Hyperliquid. All user funds are accounted for.”

DPRK's trading career is…uh….going…..🙈

tbh if i was the dude managing Hyperliquid's 4 validators (or those fucking ghetto ass binaries on gh) I would be shitting my pants right now.

Hyperliquid dudes dont seem worried at all though so im sure its fine. 🫠 pic.twitter.com/JrrU7t1sJe

— Tay 💖 (@tayvano_) December 22, 2024

The incident comes amid escalating concerns about North Korean cyberattacks.

Groups like the Lazarus Group have reportedly stolen $1.3 billion worth of crypto this year, doubling last year’s figures as the regime seeks to bypass global sanctions.

Monahan also criticized Hyperliquid’s centralized infrastructure, alleging it relies on just four validators.

Her claims sparked mixed reactions within the crypto community. Supporters of Hyperliquid accused her of fearmongering, while others defended her credibility.

Wildcat Labs co-founder Laurence Day wrote, “Kim [Jong Un’s] goons showing up is always at least a two-alarm fire.”

The controversy has impacted Hyperliquid’s native token, HYPE, which fell 20% from its all-time high of $35 on December 22 to $28, according to TradingView.

Security Experts Debate Potential Defenses

Amid the fallout, security experts debated potential defenses against a DPRK attack.

Pseudonymous developer Cygaar suggested two measures to prevent significant losses of USD Coin (USDC).

First, USDC issuer Circle could blacklist malicious addresses to freeze stolen funds.

“If they act quickly enough, Circle can return funds back to the HL bridge,” Cygaar noted.

Second, Cygaar proposed that the Arbitrum Chain, which hosts Hyperliquid, could roll back transactions to recover stolen funds.

However, Laurence Day dismissed this option, stating an Arbitrum rollback would occur only in an “existential” crisis.

Disclaimer: HYPE holder, not looking for generational entry etc

Some cold water on this: Circle are not going to freeze funds without a court order (which takes time to acquire) and Arbitrum are *absolutely not* going to do a rollback for anything less than an absolutely… https://t.co/Bvt5QI31JB

— laurence (@functi0nZer0) December 23, 2024

As reported, the crypto industry witnessed losses totaling $1.49 billion in 2024 due to hacks and fraud, marking a 17% decrease from 2023.

According to blockchain security platform Immunefi, hacks were overwhelmingly the primary cause, accounting for $1.47 billion or 98.1% of the total losses across 192 incidents.

Fraud, including rug pulls and scams, represented just 1.9% of the losses at $28 million, though this category saw a 72% increase year-on-year.

On a quarterly basis, Q2 2024 was the most damaging, with losses reaching $572.6 million, driven by major incidents at DMM Bitcoin and BtcTurk.

Q4 recorded the least losses at $150.5 million, reflecting improved resilience during the year.

Despite the staggering numbers, $115.6 million was recovered in 14 incidents, representing 7.7% of the stolen funds.

Source: cryptonews.com