HYPE Faces Over 20% Daily Pullback, North Korean Hackers Targeting Hyperliquid?

Original Title: "HYPE Sees Over 20% Daily Pullback, Is North Korea Hacker Eyeing Hyperliquid?"

Original Author: Azuma, Odaily Planet Daily

The popular project Hyperliquid (HYPE) experienced its largest pullback since launching today.

Bitget data shows that as of around 14:00 Beijing time, HYPE was trading at 26.21 USDT, marking a sharp 20.5% intraday decline.

Is North Korea Hacker Eyeing Hyperliquid?

Looking at the market news, the biggest event in the Hyperliquid community discussion today was a warning from well-known security researcher Tay (@tayvano_) — multiple flagged North Korean hacker addresses have recently been transacting on Hyperliquid, resulting in a total loss of over $700,000.

While as of the time of writing, there have been no signs of any attack on Hyperliquid, but as Tay stated, "If I were one of the 4 validators managing Hyperliquid, I might be peeing my pants right now"... signs of activity from the strongest hacker forces in the cryptocurrency world, could mean that North Korean hackers have identified Hyperliquid as a potential target and are testing the system's stability through transactions.

After Tay's post, it immediately sparked heated discussions within the community, especially the issue of the "4 validators" mentioned by Tay, which some community members even see as the weakest link in the current Hyperliquid system security.

Potential Threat: $2.3 Billion Depending Solely on 3/4 Multisig

Abstract developer cygaar explained that the Hyperliquid bridging contract currently deployed on Arbitrum holds a total of $2.3 billion in USDC, with most functions in this bridging contract requiring 2/3 validator signatures to execute (as there are only 4 validators, this effectively requires 3 signatures).

Assuming that a majority (3/4) of validators are compromised, the breached validators can submit a request to withdraw all USDC from the bridge contract and send them to a malicious address. Since the attacker has control of the vast majority of validators, they will be able to smoothly pass the request and ultimately finalize the withdrawal, meaning that $2.3 billion USDC will be transferred to the attacker.

Currently, there are two lines of defense that can intervene to prevent these USDC from being permanently lost.

The first line of defense is at the USDC contract level. Circle's blacklist mechanism can entirely prevent specific addresses from transferring USDC. If they act fast enough, they can stop the attacker from transferring the stolen USDC, effectively freezing the funds and reimbursing the Hyperliquid bridge contract.

Regarding this defense line, security guru ZachXBT commented that Circle is very inefficient, and one should not expect them to take any remedial action. However, ZachXBT also clarified that this comment is only directed at Circle and does not involve an opinion on Hyperliquid.

The second line of defense is at the Arbitrum network level. Currently, the Arbitrum L1/L2 bridge contract on Ethereum is protected by a 9/12 multi-signature contract (security council). Suppose the attacker somehow controls this $2.3 billion USDC and immediately swaps it for other tokens to circumvent Circle's blacklist mechanism. In theory, Arbitrum's security council can also change the chain's state, roll back, and prevent the initial attack transaction from occurring. In an "emergency," the council can vote to decide whether to undertake this intervention.

cygaar added that the final line of defense is evidently highly controversial and should only be used in the most dire circumstances.

「Intentional FUD」 or 「Well-intended Warning」? Community Reaction Divided

In response to Tay's warning post, the community reaction has shown a stark dichotomy.

On one hand, some community members believe that Tay's warning is exaggerated, especially after the decline in HYPE, with many in the community considering Tay to be merely spreading "intentional FUD".

· Some community members pointed out that North Korean hackers target every protocol with a high TVL, not just Hyperliquid. Discovering the hacker's traces does not necessarily mean the protocol has been compromised;

· Some community members also mentioned that Tay himself actually works for Consensys, raising suspicions of a conflict of interest in his so-called "warning." In reality, it may just be to ensure that Consensys can secure the most advantageous cooperation with the Hyperliquid team.

On the other hand, some well-known figures have chosen to support Tay's security work.

· Renowned white-hat hacker samczsun stated that despite Tay's years of pro bono service to the cryptocurrency industry, he faced intense criticism due to this post simply because HYPE's price experienced a significant drop after the warning was issued... it's sad to see such news.

· Wintermute's founder and CEO, Evgeny Gaevoy, also mentioned that Tay's communication style may be somewhat aggressive (after this tweet was posted, Tay engaged in heated arguments with some of the users accusing him), but you cannot overlook information like this.

Overall, for Hyperliquid, which has been sailing smoothly since its launch, today's discussion can be considered a somewhat significant incident in the project's operation. It's called significant because Hyperliquid was not actually attacked; however, certain vulnerable aspects of the Hyperliquid system were exposed, and there was a certain degree of community division in this event... but as a leader aspiring to revolutionize industry norms, this incident is more of a litmus test than a hardship. How Hyperliquid will address the 3/4 multisig issue and calm UFD will also be a great opportunity for the market to reevaluate the project's quality and efficiency.

Original Article Link