Are North Korean hackers liquidated on HyperLiquid planning something?

It’s been a rough couple of days for many crypto traders. However, spare a thought for the North Korean hackers who were liquidated for almost $500,000 on decentralized finance (DeFi) protocol HyperLiquid over the weekend.

While some would be happy to see some of the Lazarus Group’s ill-gotten gains go down the drain, others see the activity as a potentially worrying sign.

Read more: DeFi app Delta Prime loses $6M after being warned of Lazarus mole

MetaMask’s Taylor Monahan tracks Lazarus Group-linked addresses across the cryptosphere and flagged the activity on HyperLiquid via a post on X, noting that “DPRK doesn’t trade. DPRK tests.

HyperLiquid runs on its own network, built on top of Arbitrum, an L2 which itself settles to Ethereum mainnet. In order to provide the low latency needed for the CEX-like speed of the exchange, the network relies on just four validators.

According to DeFi developer Cygaar, compromising three of these four would allow infiltrators to extract the 2.3 billion USDC backing the network.

Such an event would be far from the first time the Lazarus Group has managed to pull off something like this,. In 2022 the majority of the Ronin Bridge’s validator set was compromised, leading to over $600 million lost, and in October, Radiant Capital lost $50 million when a threshold of three of 11 multisig signers were duped into signing a malicious transaction.

At the time, concerns were raised over the sheer amount of value secured by often-times relatively few signatures, such as Blast’s three of five multisig securing $1.45 billion.

Some have urged calm, noting that bridging such a large chunk of funds would give time to interrupt the process, and that the primary backing asset, USDC, can be frozen by its issuer, Circle. “Rolling-back” the Arbitrum network in the event of an emergency was even floated as a last resort.

However, others remain sceptical about both Circle’s response time, and Arbitrum’s willingness to roll-back “for anything less than an absolutely self-existential threat.”

A Dune dashboard monitoring USDC on Hyperliquid (by user hashed_official) shows current daily outflows of over 96 million USDC, though $2.24 billion remains in the bridge.

Read more: Radiant Capital’s $50M crypto hack underlines DeFi’s multisig dependence

OverHYPEd?

Since the generous launch of the HYPE token, HyperLiquid has been hailed as the darling of a resurgent DeFi sector.

In response to Monahan’s post, some HyperLiquid holders have taken to minimizing the concerns as FUD designed to sell security services, or even questioning the timing of the warning, which coincides with HYPE’s first major dip in a month of up-only.

Currently trading at around $28, HYPE had climbed since launch to an all-time high of $35 two days ago, according to data from CoinMarketCap.

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on XInstagramBluesky, and Google News, or subscribe to our YouTube channel.