HyperLiquid Net Raises Over $250M Amid Concerns About North Korean Hackers
HyperLiquid experienced its biggest one-day inflow after security experts said North Korean hackers were trading on the new Layer-1 crypto derivatives platform.
Metmask security researcher Ty Monahan said in a December 23 post that hackers with ties to the Democratic People's Republic of Korea (DPRK) have been using the platform since October.
“Yal, DPRK will not trade. DPRK conducts tests,” Monhan added in a follow-up post.
According to data from Dune Analytics, net inflows from the startup platform increased by $256 million in the last 30 hours.
On December 23, HyperLiquid posted a record high of $502.71 million, bringing its revenue to over $253.5 million.
HyperLiquid said it was aware of reports circulating on its Decord server “regarding activities at DPRK addresses.” There is no exploitation of the DPRK – or for that matter – the Hyperliquid. All User Funds are held on account.
North Korean hackers like the Lazarus group have stolen $1.3 billion worth of crypto this year — double the amount from last year, as dictator Kim Jong Un's efforts to cut off the country's funds from global sanctions .
Monahan went on to say that HyperLiquid's security and infrastructure is largely centralized, relying on four validators.
Monaghan's post sparked a wide range of reactions from crypto pundits, with HyperLiquid supporters accusing her of creating unnecessary fear.
The exchange's native HyperLiquid (HYPE) token was also hit by the fall, falling 20% from a high of $35 on Dec. 22 and currently changing hands at $28, according to TradingView data.
However, other developers and security researchers have supported Monahan's reputation as a security expert in the crypto industry.
“You may not like the way Tae communicates, but at least we're talking now: Kim [Jong Un’s] writes Lawrence Day, co-founder of Wildcat Labs.
Related: Hypeliquid's HYPE token surges 60% after billion-dollar airdrop
“I've run into Lazarus before, and you don't want them to do something that looks ‘stupid,' because not often,” Day added in a later post.
There are “two lines of defense” in case of massive exploitation
If North Korea were to attack HyperLiquid, there are two lines of defense that could be used to stop the theft of large amounts of USDC, according to an anonymous developer.
USDC Issuing Circle can fully register addresses from tokens to stop the activities of threat actors, Saigar said.
“If you act quickly, you can prevent the attacker from trading in the stolen USDC and effectively block the funds. This circle should be allowed to return the funds to HL Bridge,” he added.
Second, Cigar claims that Arbitrum's chain – a network built on hyperliquidity – can roll back the chain to prevent the loss of funds. However, Day said, unless there is an “existential” threat to the chain, Arbitrum's return will “absolutely not”.
Magazine: Back 2025 — Is Ethereum Ready to Meet Bitcoin and Solana?