Hyperliquid faces a "security crisis": two major ecological protocols were attacked within 48 hours, resulting in losses exceeding $4.3 million, and HYPE fell over 20% in a single day.

The rapidly rising Hyperliquid Blockchain in the field of Decentralized Finance (DeFi) is facing a severe security crisis. Within just 48 hours, two major core profit protocols in its ecosystem encountered issues. First, the HyperVault protocol experienced an “exit scam,” siphoning off $3.6 million in funds; subsequently, the flagship protocol Hyperdrive was confirmed to have been exploited due to operator permission vulnerabilities, resulting in a loss of approximately $700,000, and was forced to suspend all markets. This series of events has deeply questioned the security resilience of the Hyperliquid network within the community, especially since the network relies on only four validating nodes, and its decentralization risks are considered the root cause attracting attackers.

Continuous Strikes: HyperVault Exit Scam and Hyperdrive Vulnerability

Hyperliquid's Decentralized Finance ecosystem experienced two devastating blows around September 27.

· HyperVault exit scam: Just one day before the Hyperdrive incident, another yield protocol HyperVault experienced a severe capital outflow event. The attacker bridged out 3.6 million dollars and laundered the money through Tornado Cash. Subsequently, the protocol's website went offline, and social media accounts were deleted, which has almost been characterized as a malicious “exit scam”.

· Hyperdrive protocol vulnerability: On September 27, the flagship yield protocol Hyperdrive confirmed it was attacked, with two financial market positions exploited, resulting in a loss of approximately $700,000. The developers attributed this vulnerability to operator permission flaws: users granted Hyperdrive's Router extensive permissions, allowing it to call any whitelisted contract, which the attacker exploited to manipulate positions and withdraw funds. Although Hyperdrive insists that thBILL assets and HYPED governance tokens were not directly affected, all of its markets have been forced to suspend.

Security Research: The Risks of Centralization in Networks Become a Magnet for Attackers

The series of substantial loss events has raised deep concerns within the community regarding Hyperliquid's network design and resilience, with market sentiment swiftly shifting from previous praise for its speed and composability to unease.

· Centralization Concerns: Security researchers point out that the issues may run deeper than the mistakes of a single protocol. Hyperliquid is built on Arbitrum, aiming for ultra-fast execution. However, its design has long raised concerns about centralization - the network relies solely on four validating nodes to operate. Critics argue that this high degree of concentration makes it very susceptible to coordinated attacks.

· The Shadow of Lazarus Group: Concerns began to escalate as early as December 2024. At that time, blockchain detectives linked the wallet of the North Korean hacking organization Lazarus Group to test trades on Hyperliquid, and MetaMask's Taylor Monahan warned that North Korean hackers were “kicking the tires” in search of vulnerabilities. Although Hyperliquid Labs refuted these claims at the time, the HYPE token still plummeted more than 20% in a single day.

Market Reaction: Massive Capital Outflow and HYPE Token Plummets

The latest two attack incidents have undoubtedly reignited investors' fears.

· Capital Outflow: On-chain analysis shows that since Friday, the net outflow of the Hyperliquid protocol has been continuously increasing, with over $200 million in USDC withdrawn in less than 24 hours.

· Token Crash: HYPE token reached a market cap of over $11 billion earlier this year, but experienced a double-digit percentage drop in weekend trading.

· Institutional Concerns: The consequences of reputational damage go beyond price volatility. Institutions exploring investments in Hyperliquid now have to weigh whether its young ecosystem can support the security levels required for scaling.

Hyperdrive and HyperVault both target retail users eager for returns, raising concerns that Hyperliquid may have become a breeding ground for opportunistic attackers.

Conclusion

Hyperliquid's two major security incidents in a very short period not only resulted in millions of dollars in direct losses but also dealt a significant blow to its core decentralization philosophy and network security reputation. The crux of the problem lies in the network's design, which sacrificed decentralization in pursuit of high throughput, relying solely on a structure of four validation nodes that is seen as a fatal centralized vulnerability. The consequences of the trade-off between security and speed are becoming apparent, and Hyperliquid must take swift action to address its fundamental security and governance issues to restore investor confidence and avoid a sudden halt to its rapid growth.

Disclaimer: This article is for news information and does not constitute any investment advice. The crypto market is highly volatile, and investors should make cautious decisions.