Hello y’all. What’s cooking on Christmas Eve? We’ve got North Korean cold noodles.
What if one of DeFi's hottest new protocols is being actively probed by North Korean hackers?
That’s exactly what security researchers are warning about Hyperliquid, the decentralised finance (DeFi) project that is now one of the top 25 cryptocurrencies by market cap.
Hyperliquid is a decentralised perpetual exchange (DEX) built on its own high-speed L1 blockchain - built on top of Arbitrum, an Ethereum layer-2 network.
The blockchain is optimised for high-speed trading and combines the benefits of decentralised finance (DeFi) with the efficiency and reliability of centralised exchanges (CEXs).
But when a respected security researcher spots North Korean hackers poking around your platform, you find yourself in a pickle. Hyperliquid found itself in one.
MetaMask's security researcher Taylor Monahan dropped a bombshell.
Monahan, a noted tracker of North Korean crypto activity, spotted suspicious trading patterns from a wallet previously linked to the same Democratic People’s Republic of Korea (DPRK) hacking team behind last year's Radiant and Poly Network attacks.
Block That Quote 🎙
Monahan warned in her viral X post:
"DPRK doesn't trade. DPRK tests …"
The whole thread is gold - DPRK's trading career is...uh....going..…🙈
What makes Hyperliquid such an appealing target?
It's a perfect storm of factors that would make any security expert lose sleep.
A massive $11 billion market cap achieved in just 25 days
Over $2 billion (TVL) in user funds
A high-speed blockchain running on just four validators
Validators potentially operating on devices used for everyday activities
A fresh $1.6 billion token airdrop attracting massive attention
Because it was built to prioritise transaction speed, Hyperliquid runs on just four validators.
For comparison, most major DeFi protocols operate with dozens or hundreds of validators to ensure security.
Why does this matter? These validators may be running on devices that Hyperliquid's founders use for everyday activities like social media and video calls.
One successful phishing attack could potentially compromise the entire system.
The warning signs? A crypto wallet linked to North Korean hackers recently lost nearly $700,000 trading on Hyperliquid.
But according to Monahan, that loss wasn't just bad trading — it was reconnaissance.
The Market Verdict
Markets, as always, vote with their feet.
HYPE token crashed 21% from its peak of around $35
$250 million in USDC fled the platform in 24 hours
Net outflows hit their highest level in project history
Matt Fiebach of Entropy Advisors explains the scenario on Blockworks.
But Hyperliquid Labs is pushing back: "There has been no DPRK exploit—or any exploit for that matter—of Hyperliquid. All user funds are accounted for."
The crypto community appears unconvinced, and security experts aren't mincing words about the risks.
"My gut instinct is that North Korean hackers are already inside Hyperliquid's infrastructure." — Nassim Eddequiouaq, former a16z crypto security lead.
The DPRK Factor
This isn't just about one protocol.
2024 has been North Korea's most lucrative hack year.
Read the Chainalysis report: $2.2 Billion Stolen from Crypto Platforms in 2024
Total losses: $2.2B across 303 incidents
DPRK attribution: $1.34B stolen (61% of total)
Number of DPRK attacks: 47 incidents
Average DPRK hack size: $28.5M
Largest single hack: DMM Bitcoin ($305M)
Second largest: WazirX ($234.9M)
The regime's tactics have evolved dramatically.
Take the DMM Bitcoin hack in May — a staggering $305 million heist that began with a simple LinkedIn message.
A North Korean operative posed as a recruiter, sent what appeared to be a pre-employment test, and that was enough to eventually compromise the entire system.
Their tactics are getting more sophisticated, with a particular focus on social engineering and insider access.
Attacks becoming more frequent
Larger individual heists ($50M-$100M+)
Increased focus on infiltrating projects
Sophisticated social engineering tactics
Preference for projects with centralised points of failure
A Broader Industry Problem
What's particularly concerning is the survival rate of hacked protocols.
According to recent research from Cozy Finance, fewer than half of all DeFi protocols survive a hack. The odds improve dramatically for those who can reimburse users — but that requires having the resources to do so.
More than $1.2 billion in crypto has been stolen this year, according to DefiLlama data. More than $9 billion has been stolen since 2016.
Why does this matter?
The Hyperliquid situation highlights a crucial tension in DeFi: the trade-off between speed and security.
The protocol's four-validator setup was chosen to prioritise transaction speed, but at what cost?
More concerning is the pattern we're seeing with North Korean attacks.
They're not just looking for quick wins anymore — they're playing a longer game, infiltrating projects through social engineering before striking.
If Hyperliquid's $2 billion in user funds were compromised, it would mark one of the largest crypto hacks in history.
And unlike traditional finance, there's no FDIC insurance in DeFi.
While Hyperliquid has dismissed the concerns, the market's reaction suggests users aren't taking any chances.
The $250 million in outflows might look like an overreaction, but in a world where North Korean hackers are doubling their take year over year, perhaps a bit of paranoia is healthy.
After all, in DeFi, you're not just protecting your own assets — you're protecting everyone's.
Token Dispatch View 🔍
DPRK-linked groups have already pinched $1.34 billion this year — that's roughly $2.8 million every single day. For perspective, that's more than the entire annual GDP of some small nations.
Hyperliquid, with its centralised validator setup and massive TVL, looks like a textbook example of what they're looking for.
Consider this: Five years ago, crypto hacks were largely smash-and-grab affairs — exploit a smart contract vulnerability, drain the funds, disappear into the digital ether.
What does the evolving sophistication of these attacks tell us about the future of DeFi security?
They're not doing this through brute force anymore; they're playing chess while everyone else is playing checkers.
We're seeing months-long reconnaissance operations, sophisticated social engineering, and attackers willing to lose money just to probe for weaknesses.
That $700,000 loss on Hyperliquid? Consider it North Korea's version of penetration testing.
The lesson here isn't just for Hyperliquid — though they're certainly in the spotlight.
It's for every protocol that thinks "it won't happen to us" or believes that rapid growth can outpace the need for robust security.
In an industry where projects can reach billion-dollar valuations in weeks, that's a dangerously tempting proposition.
When fewer than half of DeFi protocols survive a hack — and when you're up against state-sponsored actors with virtually unlimited resources — security isn't just another box to tick. It's existential.
So while the crypto community debates whether Hyperliquid's four validators are enough (they are probably not), perhaps we should be asking a different question.
In an industry that prides itself on decentralisation, how did we end up with so many single points of failure?
The stakes have never been higher.
We've spent years building bigger, faster, more efficient systems. But perhaps — just perhaps — we've been optimising for the wrong metrics.
When a protocol handling billions in user funds runs on just four validators, we might need to reassess our priorities.
We're not just building financial systems — we're stress-testing them against some of the most sophisticated adversaries in the world.
And maybe, just maybe, that's how we'll finally build something truly unbreakable.
The question isn't whether Hyperliquid will weather this storm. It's whether the next billion-dollar protocol will learn from this moment.
The crypto industry has proven remarkably resilient, bouncing back from hacks, crashes, and scandals, but each incident chips away at the foundation of trust we're trying to build.
North Korea's hackers aren't going anywhere.
The question isn't if they'll strike again, but when — and who's next?
If you're running a DeFi protocol with billions in TVL, you might want to check your spam folder. That LinkedIn message from a recruiter? Maybe don't click that link.
The Surfer 🏄
North Korean hackers, posing as a recruiter on LinkedIn, compromised a Ginco employee's GitHub account, leading to a $300 million Bitcoin theft from DMM exchange in May. The FBI, along with international partners, exposed the hack linked to the TraderTraitor group, highlighting North Korea's use of cybercrime for revenue generation.
A study by Cozy Finance reveals that only 39% of DeFi projects survive hacks, but their chances of survival significantly improve if they reimburse users. Projects that returned 80% of stolen funds had a two-thirds survival rate, while those reimbursing less than 25% had only a 12% survival rate.
Crypto lost $1.49 billion in 2024, a 17% decrease from 2023, with hacks accounting for 98.1% of losses across 192 incidents, according to Immunefi. While DeFi protocols remained prime targets, CeFi losses surged by 77.5%, with major incidents at DMM Bitcoin and WazirX accounting for 36% of total losses, despite improved security measures reducing successful attacks by 27.5%.
Good information. Thank you and Merry Christmas!!! ♥️☀️☮️🌈🏁