Hyperliquid under the microscope amid signs of North Korean hacker activity


This is a segment from the 0xResearch newsletter. To read full editions, subscribe.


“You either die a hero, or you live long enough to see yourself become the villain.” -Harvey Dent

For Hyperliquid, it took 25 days from its highly acclaimed airdrop to become embroiled in controversy.

It all started when Taylor Monahan (@taifano), a security researcher at MetaMask, sounded the alarm on a series of Hyperliquid transactions made from wallets labeled as North Korean. Based on Monahan's data, the wallets lost $701,000 on Ethereum positions.

That is a small amount for a state-sponsored hacker group. What caused a stir was the revelation that North Korean hackers were actively familiarizing themselves with the Hyperliquid platform in preparation for an imminent hack.

Hyperliquid's highly centralized set of four validators, Monahan says, makes it more vulnerable to a potential hack.

Hyperliquid's liquidity is locked in a lock-and-mint-style bridge from Arbitrum, where Hyperliquid existed as a perps DEX application.

When Hyperliquid migrated to its own Tendermint-consensus PoS L1 chain in March 2024, the team retained the Arbitrum lock-and-mint-style bridge, which remains the only way to onboard to Hyperliquid today.

According to Dune data, the deposit bridge saw a record net outflow of $114.7 million in USDC liquidity in the past day, although this is still a small fraction of the $2.22 billion remaining in TVL.

Source: Dune

Talk of a Hyperliquid hack is just speculation at the moment, but if it does happen, here's a rough sketch of how it could play out.

A successful attack on Hyperliquid's bridge requires compromising three of the four validators, given the two-thirds quorum.

If this happens, the native USDC on Arbitrum could theoretically be frozen by Circle before hackers can swap the stolen funds for censorship-resistant assets like ETH.

However, this requires Circle to act on court orders, a tedious and slow legal process that may buy sophisticated hackers the time needed to execute an exit.

The hacker may instead choose to attempt to swap to USDC.e (Ethereum-native USDC tokens that are bridged to Arbitrum) on Ethereum L1.

“The only plausible path that would enable Arbitrum’s security board as a line of defense is for hackers to attempt to withdraw funds across the underlying bridge, most likely after switching to ETH,” Matt Fiebach of Entropy Advisors told Blockworks.

“In this scenario, the elected Arbitrum Security team would need to decide whether effectively blocking this transfer is within the scope of ‘addressing the critical risks associated with the Arbitrum protocol and ecosystem.’”

Finally, it should also be noted that the hacker would have difficulty finding the liquidity venues needed to swap the stolen funds. $2 billion of liquidity would have to be spread across a variety of third-party bridges, which could cause massive slippage.
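The three-of-four figure follows directly from the two-thirds quorum. As an added example (not from the article or from Hyperliquid's code), this Python sketch generalizes the calculation to weighted validator sets, to show how few signers can stand between a bridge and a quorum. The function name, the sample sets and the choice between an "at least" and a "more than" threshold are assumptions.

```python
from fractions import Fraction


def min_validators_to_reach_quorum(weights, quorum=Fraction(2, 3), strict=False):
    """Smallest number of validators whose combined weight meets the quorum.

    weights: signing power per validator (equal weights model plain k-of-n).
    quorum:  fraction of total weight needed to authorise a bridge action.
    strict:  True for "more than" the fraction, False for "at least"
             (which rule a given bridge applies is an assumption here).
    """
    if not weights or any(w <= 0 for w in weights):
        raise ValueError("weights must be a non-empty list of positive numbers")
    total = sum(Fraction(w) for w in weights)
    needed = total * Fraction(quorum)  # exact arithmetic, no float rounding
    signed = Fraction(0)
    # Counting the heaviest validators first gives the minimum possible count.
    for count, w in enumerate(sorted(weights, reverse=True), start=1):
        signed += Fraction(w)
        if signed > needed or (not strict and signed == needed):
            return count
    raise ValueError("quorum cannot be met by this validator set")


# Constructed validator sets for comparison (only the first mirrors the article).
CONSTRUCTED_SETS = {
    "4 equal validators (article's case)": [1, 1, 1, 1],
    "16 equal validators": [1] * 16,
    "7 validators, one holding 60% of weight": [9, 1, 1, 1, 1, 1, 1],
}


def compare_sets(sets=CONSTRUCTED_SETS):
    """Map each set name to (validators in set, minimum needed for quorum)."""
    return {name: (len(w), min_validators_to_reach_quorum(w))
            for name, w in sets.items()}


if __name__ == "__main__":
    for name, (size, needed) in compare_sets().items():
        print(f"{name}: {needed} of {size} keys reach a two-thirds quorum")
```

The skewed set shows why validator count alone is a poor measure: seven validators, yet two keys reach the threshold.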

