Hyperliquid denies being hacked by North Korea’s Lazarus group, although on-chain data shows evidence of large-scale fund withdrawals. On-chain data shows that North Korea-linked wallet addresses simultaneously deposited and withdrew significant amounts of ETH from the platform on December 23, the report said.
Taylor Monahan, a security expert at MetaMask, warned that hackers do not need to interfere with user funds to breach security and have clearly identified vulnerabilities in Hyperliquid’s system.
Hyperliquid: Lazarus’s Next Target?
Hyperliquid, a decentralized exchange, has officially responded to criticism via Discord. Rumors of being attacked by North Korean hackers spread today, leading to users withdrawing $60 million from the platform. The exchange’s HYPE token had already dropped before this incident, leaving official accounts to deal with the losses.
“There have been no exploits from North Korea – or any exploits at all – at Hyperliquid. All user funds are guaranteed. Hyperliquid Labs takes OpSec seriously. No parties reported any vulnerabilities. To be clear, there have never been any allegations of exploitation at Hyperliquid,” one of the platform’s directors announced on Discord.
Hyperliquid has yet to issue any public statement or announcement to explain the allegations. Instead, on-chain data discloses that accounts linked to Lazarus deposited 476,489 USD in ETH tokens to Hyperliquid before withdrawing them.
While this is not a clear sign of exploitation, it does raise the question of why the exchange saw such a large amount of withdrawals from suspicious wallet addresses in one day.
However, MetaMask security expert Taylor Monahan is adamant in urging more caution. The crypto industry is well aware of the severity of any incident involving the infamous Lazarus group. Therefore, Hyperliquid should take these threats seriously, according to security experts.
North Korean Hackers Continue to Be an Obsession
The US government believes Lazarus stole nearly $900 million. Overall, North Korean hackers have caused some of the biggest hacks of 2024 in the cryptocurrency sector. In fact, actors from the Democratic People’s Republic of Korea were responsible for the significant hack of Radiant Capital earlier this year, which involved compromising the platform’s complex multisig wallet authentication system.
Speculation that similar entities may be interested in Hyperliquid is extremely worrying.
“I’m quite concerned that you’re at a higher risk level because of the fact that we know that these particular threat actors are now familiar with your platform. I really want to emphasize that this is the most innovative and progressive threat group of all the DPRK groups. They are very creative and persistent,” Monahan stated clearly.
Monahan went on to state that the exchange’s hideous and defiant attitude is a very worrying sign. Even though Lazarus hasn’t tampered with any funds at Hyperliquid, they could have hacked into its security system.
The MetaMask security expert also said that the company has no more than four testers who all run the same code, with an unknown higher number able to bypass key security vulnerabilities.
In short, if founders, executives, and engineers use the same device to access dependent systems, just one malware link can bring down the entire operation. Lateral movement is one of the main strategies of North Korean hackers, where they exploit multiple access points to move through the network.
So, if a high-ranking person’s personal device is compromised, a major attack becomes inevitable. However, so far, Hyperliquid doesn’t seem too worried about these allegations.