Hyperliquid at Risk? North Korean Hackers Trade on Platform

Key Takeaways

• Hyperliquid sees trading activity from North Korean hacker addresses.
• On-chain observers believe this activity may signal a larger hacking operation.
• Crypto experts suggest potential methods to prevent breaches on the platform.

Hyperliquid, a decentralized leveraged trading platform, is under scrutiny after suspicious trading activity linked to North Korean hackers.

On-chain analysts have detected a surge in transactions from flagged addresses, raising alarms about a potential breach and larger, more sophisticated hacking plot.

Despite recently reaching a total value locked (TVL) of $22 billion, the platform’s relatively young infrastructure has prompted concerns about its security.

Is Hyperliquid at Risk of a Major Breach?

Over the past week, these accounts have collectively lost more than $700,000 on the platform. While some believe these losses are part of a smokescreen, others suggest they may signal the testing of a broader hacking conspiracy.

One popular crypto influencer on X highlighted that Hyperliquid only relies on four validators for its security. If hackers were to compromise three of these validators, they could access billions in crypto funds stored in the platform’s bridge.

Cygaar, a crypto software developer, explained that the Hyperliquid bridge currently holds $2.3 billion in USDC.

Since the platform operates on a two-thirds quorum requirement for validator signatures, just three out of the four validators could authorize a withdrawal request for the entire amount, sending it to a malicious address controlled by hackers.

Defending Against a Potential Attack

The low number of validators poses a significant security risk, but experts have suggested ways to potentially mitigate the damage in the event of a breach.

Cygaar proposed two lines of defense that could help prevent the hackers from converting stolen assets.

The first defense involves the USDC contract issuer, Circle, which could blacklist the addresses used in the attack.

This would prevent the stolen USDC from being moved or converted into other assets, such as ETH, which is a common tactic employed by North Korean hackers.

If Circle acts swiftly, it could freeze the stolen funds and potentially return them to the Hyperliquid bridge before the hackers have a chance to launder them.

However, this approach requires rapid action to be effective, given the hackers’ tendency to use privacy protocols like Tornado Cash to obscure their movements.

The second defense mechanism involves the Arbitrum chain, which secures the Hyperliquid platform.

The Arbitrum bridge contract is protected by a 9/12 multi-signature security council, which oversees the state of the chain.

In the event of an emergency, the council has the ability to roll back transactions and alter the chain’s state to reverse any malicious activity.

However, using this rollback feature is highly controversial within the crypto community. Many see such actions as a breach of the blockchain’s core principles of decentralization.

A similar proposal was met with backlash when former Binance CEO Changpeng Zhao suggested a Bitcoin blockchain rollback after a massive hack in 2020.

Cygaar emphasized that the Arbitrum security council’s rollback power should only be used in the most extreme circumstances, given the potential for centralization concerns.

While these proposed defense mechanisms may provide some level of protection, the risk remains.