North Korean hack fears sent Hyperliquid’s HYPE token on a rollercoaster
Hyperliquid, a Layer 1 blockchain, and decentralized exchange, faced sharp declines in token value and total value locked (TVL) over the weekend after reports surfaced of potential involvement by North Korean hackers.
Security expert Taylor Monahan flagged suspicious wallet activity linked to the Democratic People’s Republic of Korea (DPRK) on Dec. 22, triggering a 20% drop in the HYPE token price and TVL.
Monahan, who collaborates with MetaMask, revealed that DPRK-associated addresses had been liquidated for $458,000 on Hyperliquid.
In her posts, Monahan warned that the DPRK’s activity suggested reconnaissance rather than trading, writing that “DPRK doesn’t trade. DPRK tests,” hinting at a potential future attack.
Hyperliquid’s TVL fell to $2.05 billion, down from $2.56 billion, while the HYPE token dropped from $34 to $27 before making a partial recovery.
The Hyperliquid Labs team denied any breach in an official statement on Discord, saying:
“There has been no DPRK exploit — or any exploit for that matter — of Hyperliquid.”
The team added that a security researcher had contacted them but cited “unprofessional conduct” as the reason for dismissing their assistance, opting instead to consult with trusted third parties.
Cygaar, a developer and contributor to the Abstract chain, reassured the community that measures such as freezing USDC or rolling back the chain could be implemented in the event of an exploit.
He added:
“I wouldn’t be full-on panicking over this right now — there are guard rails in place should the worst possible outcome happen.”
The incident highlights ongoing risks of cyberattacks in the DeFi sector, where DPRK-affiliated hackers have increasingly targeted vulnerabilities to fund state operations.
As of press time, Hyperliquid’s HYPE token had mostly recovered from the past day’s slide and was trading around $313 after climbing 15%.1
