Hyperliquid suffered its largest single-day outflow after security experts said North Korean hackers were trading on the new layer-1 crypto derivatives platform. 

MetaMask security researcher Tay Monahan said in a Dec. 23 X post that Democratic People’s Republic of Korea (DPRK)-linked hackers had been using the platform as early as October. 

“Yall, DPRK doesn’t trade. DPRK tests,” Monhan added in a follow-up post.

Hyperliquid net outflows top $250M amid fears over North Korea hackers image 0

Source: Tay Monahan

Net outflows from the derivatives platform have topped $256 million in the last 30 hours, according to data from Dune Analytics. 

Outflows from Hyperliquid on Dec. 23 hit an all-time peak of $502.71 million, while inflows reached over $253.5 million.

Hyperliquid net outflows top $250M amid fears over North Korea hackers image 1

Net outflows from Hyperliquid have topped $256 million in the last 30 hours. Source: Dune Analytics

Hyperliquid said on its Discord server that it’s “aware of reports circulating regarding activity by supposed DPRK addresses. There has been no DPRK exploit - or any exploit for that matter - of Hyperliquid. All user funds are accounted for.”

North Korean hackers such as the Lazarus Group have stolen $1.3 billion worth of crypto so far this year, doubling their haul from last year in an escalation of dictator Kim Jong Un’s effort to scrape together cash for the nation largely cut off from the world by sanctions.

Monahan further claimed that Hyperliquid’s security and infrastructure are largely centralized, relying on just four validators.

Monahan’s post triggered a broad set of reactions from crypto pundits, with Hyperliquid supporters accusing her of creating unnecessary fear. 

The exchange’s native Hyperliquid (HYPE) token was also hit by the fallout, falling 20% from its all-time high of $35 on Dec. 22 and recently changing hands for $28, according to TradingView data . 

Still, other developers and security researchers supported Monahan’s reputation as a security expert. 

“You might not like the way Tay communicates, but at least we’re talking now: Kim [Jong Un’s] goons showing up is always at least a two-alarm fire,” wrote Wildcat Labs co-founder Laurence Day.

Related: Hyperliquid’s HYPE token surges 60% after billion-dollar airdrop

“I’ve had run-ins with Lazarus before, and you do NOT want them doing anything that looks ‘silly’ because it’s often not,” Day added in a later post . 

There are “two lines of defense” in case of major exploit 

Pseudonymous developer Cygaar said if North Korea were to attack Hyperliquid, there are two lines of defense that could be utilized to stop massive sums of USD Coin ( USDC ) from being stolen.

Hyperliquid net outflows top $250M amid fears over North Korea hackers image 2

Source: Cygaar

USDC issuer Circle could blacklist addresses from moving tokens completely in a bid to freeze the movement of potential threat actors, Cyggar said.

“If they act quickly enough, they can prevent the attacker from trading out of the stolen USDC and effectively freeze the funds. This should allow Circle to return funds back to the HL bridge,” Cygaar added. 

Secondly, Cygaar said the Arbitrum Chain — the network Hyperqliuid is built on — could roll back the chain the prevent the loss of funds. However, Day said an Arbitrum rollback was “absolutely not” going to happen unless there was an “existential” threat to the chain. 

Magazine: Comeback 2025 — Is Ethereum poised to catch up with Bitcoin and Solana?