
Here is Why North Korean Hackers' Addresses Are Trading on Hyperliquid

DPRK-linked addresses have been trading on Hyperliquid, prompting concern about what they are really after

Reports indicate that several known North Korean-linked addresses have been trading on Hyperliquid, in trades that have lost more than $700,000.

While the precise nature and objective of these transactions remain under investigation, the activity raises serious questions about the platform's security and about the broader implications for the cryptocurrency ecosystem.

North Korean Addresses on Hyperliquid Drive Concerns

The identification of North Korean-linked addresses trading on Hyperliquid warrants close examination. It departs from the more commonly observed pattern of direct, large-scale hacks against exchanges aimed at immediate, substantial cryptocurrency theft.

Instead, the reported activity suggests a more nuanced approach, one consistent with reconnaissance and system probing. Some in the community go further, suggesting that these seemingly insignificant transactions are a deliberate means of assessing Hyperliquid's security infrastructure and identifying potential vulnerabilities.

Moreover, "By conducting seemingly legitimate trades, these actors may be mapping the exchange's internal processes, detecting weaknesses in its anti-money laundering (AML) and know-your-customer (KYC) protocols, and ultimately, preparing for a potentially much larger, more devastating attack," an analyst on X says.

Possible Exploitable Vulnerability Explained

"While specific details regarding the security mechanisms employed by Hyperliquid validators remain undisclosed, analysis of the Hyperliquid (HL) USDC bridge deployed on Arbitrum reveals a layered security approach designed to mitigate the risk of substantial financial loss," Cygaar claimed.

Roughly $2.3 billion in USDC currently sits in this bridge contract. Most of the contract's functions require a two-thirds quorum of validator signatures; with four validators, that means three signatures.

The critical weakness is the hypothetical compromise of a majority (three of four) of those validators. An attacker holding three validator keys could sign a withdrawal request for the entire $2.3 billion USDC reserve to an address they control, and because those three keys are the quorum, the request would be processed and finalized with nothing in the contract to stop it.

Nonetheless, Circle, the issuer of USDC, can blacklist addresses, which blocks any further movement of their tokens. If Circle blacklisted the destination address quickly enough, the stolen USDC would be frozen before it could be swapped for other assets, and could then be returned to the HL bridge. The mitigation therefore depends entirely on how fast Circle reacts relative to the attacker's next move.
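The scenario in the last three paragraphs, written out as a runnable model. This is an added example and not Hyperliquid's bridge code or Circle's contract: it assumes a count-based quorum of ceil(2n/3) validator signatures (the two-thirds rule as the article states it), uses ed25519 keys as a stand-in for whatever signing scheme the real validators use, represents addresses as plain strings, omits the nonce and chain-id binding a real bridge needs against replay, and models the issuer's blacklist as a simple set consulted on every transfer. The `Scenario` function, the `locked` figure and the address names are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Withdrawal is the message validators sign. A production bridge also binds a
// nonce and chain id so a signed request cannot be replayed; omitted here.
type Withdrawal struct {
	To     string
	Amount uint64
}

// Bytes is the canonical encoding every validator signs.
func (w Withdrawal) Bytes() []byte { return []byte(fmt.Sprintf("%d|%s", w.Amount, w.To)) }

// Signature pairs a validator index with that validator's ed25519 signature.
type Signature struct {
	Validator int
	Sig       []byte
}

// Token is a minimal issuer-controlled token; the blacklist models the freeze capability.
type Token struct {
	Balances  map[string]uint64
	Blacklist map[string]bool
}

// Transfer moves amt between addresses unless either side is blacklisted.
func (t *Token) Transfer(from, to string, amt uint64) error {
	if t.Blacklist[from] || t.Blacklist[to] {
		return fmt.Errorf("transfer refused: blacklisted address")
	} else if t.Balances[from] < amt {
		return fmt.Errorf("insufficient balance")
	}
	t.Balances[from] -= amt
	t.Balances[to] += amt
	return nil
}

// Bridge keeps tokens in custody at address "bridge" and releases them on quorum.
type Bridge struct {
	Validators []ed25519.PublicKey
	Token      *Token
}

// Quorum is the number of distinct validator signatures required: ceil(2n/3).
func Quorum(n int) int { return (2*n + 2) / 3 }

// Withdraw releases funds only if at least Quorum distinct validators produced a valid
// signature over exactly this withdrawal; invalid or duplicate signatures add nothing.
func (b *Bridge) Withdraw(w Withdrawal, sigs []Signature) error {
	msg, seen := w.Bytes(), map[int]bool{}
	for _, s := range sigs {
		if s.Validator >= 0 && s.Validator < len(b.Validators) &&
			ed25519.Verify(b.Validators[s.Validator], msg, s.Sig) {
			seen[s.Validator] = true
		}
	}
	if need := Quorum(len(b.Validators)); len(seen) < need {
		return fmt.Errorf("quorum not met: %d of %d signatures", len(seen), need)
	}
	return b.Token.Transfer("bridge", w.To, w.Amount)
}

// Scenario runs the attack on a fresh 4-validator bridge (constructed setup). The attacker
// holds the first `compromised` keys (1..3), requests the full balance to "attacker", pads
// the request with one of their signatures re-labelled as validator 3 (which fails to
// verify), then tries to move the funds on to "exchange". blacklistFirst decides whether
// the issuer freezes "attacker" before that second hop. Returns the final balances.
func Scenario(compromised int, blacklistFirst bool) (attacker, exchange uint64, err error) {
	const locked = 2_300_000_000 // constructed figure echoing the article's $2.3B
	b := &Bridge{Token: &Token{Balances: map[string]uint64{"bridge": locked}, Blacklist: map[string]bool{}}}
	var privs []ed25519.PrivateKey
	for i := 0; i < 4; i++ {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return 0, 0, err
		}
		b.Validators, privs = append(b.Validators, pub), append(privs, priv)
	}
	w := Withdrawal{To: "attacker", Amount: locked}
	var sigs []Signature
	for i := 0; i < compromised && i < 3; i++ {
		sigs = append(sigs, Signature{Validator: i, Sig: ed25519.Sign(privs[i], w.Bytes())})
	}
	if len(sigs) > 0 { // re-labelled copy: wrong key for index 3, so Verify rejects it
		sigs = append(sigs, Signature{Validator: 3, Sig: sigs[0].Sig})
	}
	if err := b.Withdraw(w, sigs); err != nil {
		return 0, 0, err
	}
	if blacklistFirst {
		b.Token.Blacklist["attacker"] = true
	}
	_ = b.Token.Transfer("attacker", "exchange", locked) // refused once frozen
	return b.Token.Balances["attacker"], b.Token.Balances["exchange"], nil
}
```

Calling `Scenario(2, false)` returns a quorum error, since two valid signatures plus a mislabelled copy do not reach three; `Scenario(3, true)` drains the bridge but leaves the full amount stuck at "attacker"; `Scenario(3, false)` shows the funds reaching "exchange" before the freeze, which is the race the article describes. Note that the contract itself never distinguishes an honest quorum from a compromised one, which is why the blacklist is the only backstop in this model.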
