- Massive Withdrawals: HyperLiquid users withdrew $60 million in USDC after wallet addresses belonging to North Korean hackers conducted suspicious activity on the platform.
- Targeted Attacks: The hackers apparently use the platform to test vulnerabilities and potentially use zero-day exploits.
- North Korea’s financing: The stolen cryptocurrencies could finance North Korea’s weapons program; In 2024 alone, $1.34 billion was stolen through cyberattacks.
Hacker groups targeted: Why is North Korea trading on HyperLiquid?
Over the past few days, over $60 million in cryptocurrency USDC has been withdrawn from the HyperLiquid trading platform. The cause is growing concern about wallet addresses linked to North Korean hacking groups. These wallets started conducting suspicious trading activities on the platform, causing numerous users to withdraw their funds for security reasons.
The wallet addresses, which are suspected to be associated with North Korean hacking groups, executed trades on the platform in recent days, causing losses of around $700,000. According to experts, these transactions are not for profit. Instead, they could be tests to identify vulnerabilities in the platform. Cybersecurity specialists note that North Korean hackers often target well-known platforms in preparation for larger attacks.
A cybersecurity analyst known on Platform X as “Tay,” explainedthat North Korea’s hacker groups generally do not seek profits. Instead, they specifically test the infrastructure of platforms in order to potentially exploit them later.
Security risks with HyperLiquid
HyperLiquid is based on a Layer 1 blockchain secured by a small number of just four validators. This small number makes the system vulnerable to so-called “zero-day exploits”. Zero-day vulnerabilities are security holes that are not known to developers and therefore have no mitigation measures. Hackers can exploit such vulnerabilities to gain control of systems.
According to Tay, North Korean hacker groups with their technical know-how could exploit these gaps. The combination of advanced cyber capabilities and targeted use of zero-days has made North Korea a significant threat in the cryptocurrency and blockchain security space in recent years.
North Korea’s Strategy: Why Cryptocurrencies Are So Important
North Korea specifically relies on cybercrime to finance its regime. In 2024 alone, North Korean hackers are said to have stolen $1.34 billion worth of cryptocurrencies. These revenues reportedly go directly to the development of the country’s missile and weapons program. The Lazarus Group, a notorious hacking group closely linked to the North Korean government, is often linked to attacks on cryptocurrency exchanges and blockchain projects.
The preferred target is platforms with decentralized architecture and high trading volumes. HyperLiquid, which is currently the largest platform for on-chain trading with perpetual contracts, offers an attractive target for this.
Background: HyperLiquid and its rise
Since its inception, HyperLiquid has become a leading platform in the on-chain trading space. With over 271,000 users, a total deposit volume of $12.14 billion, and a daily trading volume of $6.20 billion, it is one of the major players in the market.
On November 29, 2024, HyperLiquid launched its native token HYPE. The price rose from $1.97 to $27.97 within a few weeks. With a market capitalization of $9.35 billion, HYPE is now one of the 25 largest cryptocurrencies.