Hyperliquid in focus: when a technical audit turns into a battle for the Perp market

In mid-December, blog.can.ac published a settlement article titled “Reverse Engineering Hyperliquid,” which dissected the derivatives protocol into its components. Nine allegations, ranging from “insolvency” to “god mode,” caused a wave of doubt across the entire DeFi industry. But is this a real crisis or primarily an offensive in the competition field?

The drama with $362 million – or its absence

The first and most dramatic accusation sounded like a crypto-catastrophe textbook proverb: users’ assets in Hyperliquid are short by $362 million compared to on-chain reserves. However, the reality turned out to be more boring than dramatic.

The issue lay in the architecture transition of the platform from AppChain to an independent L1. The accuser only looked at the USDC balance on the Arbitrum bridge – completely ignoring the native assets already migrated to HyperEVM.

The full picture looks like this:

• Arbitrum Bridge: 3.989 billion USDC
• HyperEVM (native): 362 million USDC
• HyperEVM Contracts: 59 million USDC
• Total: 4.351 billion USDC ≈ total user balances

The so-called “vanishing” money is simply a flow between ledgers – a pure result of infrastructure modernization. Anyone can verify this on-chain. It’s still centralization, but no longer fraud.

Which problems were admitted, and which remain hidden?

The Hyperliquid team issued a comprehensive response. Some points were resolved, others acknowledged with explanations, and a few remain in the shadows.

###Resolved and closed

“CoreWriter” – the so-called god mode: Accusers claimed it allowed printing money out of thin air. The reality: it’s just an interface for L1 to interact with HyperEVM (staking, system operations) with limited permissions. No risk of misappropriating user funds.

The $362 million gap: As explained above – it’s a misunderstanding due to the distributed architecture.

Lending protocol (HIP-1): Documentation is public. The spot/lending function operates openly, not secretly.

###Acknowledged but with context

Testnet code in mainnet code: Part of the binary contained a function to modify trading volume (TestnetSetYesterdayUserVlm). Its existence was acknowledged and explained – it’s a remnant from the testnet. On mainnet, the path is physically isolated and will never be activated.

Only 8 broadcast addresses: Acknowledged. The rationale is protection against MEV (maximum extractable value) and front-running. Future decentralization is planned.

Switching the entire network without rollback: Yes, it’s possible. This is standard procedure during network upgrades – validators must update synchronously.

Oracle price can be immediately overwritten: Explained as a security mechanism for extreme situations. In crises, 10/10 validators-oracles need speed, even without a time lock.

###Dark corners – what Hyperliquid omitted

Two points from Hyperliquid’s discussion remain in the shadows:

Governance proposals are unqueryable (Governance proposals are unqueryable): Users see the voting result but not the proposal content stored on-chain. For an average investor, managing Hyperliquid is a black box – you can see the outcome but not the decision process.

Bridge lacks an “emergency exit”: Withdrawals can be verified endlessly; users cannot force a transfer to L1 without validators’ approval. During the POPCAT incident, the bridge was blocked. Hyperliquid did not deny this fact.

Offensive against competitors – the true target of the whole scandal

The most important part of the official response was directed not at the accusers but at competitors. Hyperliquid publicly dissected the architecture of Lighter, Aster, and other protocols:

Lighter – a single centralized sequencer, execution logic and zero-knowledge circuits are not public

Aster – a centralized matching engine, offering dark pool trading accessible only with a single sequencer and unverifiable process

Other protocols – may have open code, but the sequencer remains a black box

The sharper tone of Hyperliquid’s narrative has a simple reason – a fight for market share. Data from DefiLlama over the last 30 days show no balance:

In terms of volume, Hyperliquid ranks third, but in open interest (Open Interest), it dominates the entire industry. Hyperliquid’s game is thus a narrative game: “Although we have 8 centralized broadcast addresses, the entire state is on-chain and verifiable – you don’t even offer this.”

Who is shorting HYPE? The story of a former employee

The community obsessively tracks who dumps the HYPE token. Hyperliquid’s team revealed more details: the short address starting with 0x7ae4 belongs to a former employee dismissed in early 2024. These are his private transactions, not team activity.

The platform claims that strict trading audits are now in place for all employees – insider trading is strictly prohibited. The response downgrades the issue from “deliberate campaign by the team” to “personal decisions of a former employee,” but transparency regarding token unlocking for the entire ecosystem remains an open question.

Conclusion – trust the algorithm, not the narrative

This story is a guide to modern crisis management in DeFi. Hyperliquid did not stop at defense – it launched an attack, redefining transparency norms for competitors. However, merely proving that “money is on the blockchain” is just the beginning.

The real test will be the gradual decentralization of these 8 broadcast addresses without compromising performance and MEV resistance. Only then will Hyperliquid truly transition from “centralized but transparent” to “decentralized and verifiable” platform – what crypto enthusiasts actually want.

For every investor, this scandal confirms an unbreakable rule: don’t trust the narrative, verify the data. In the era of AppChains and distributed bridges, traditional balance verification of contracts is no longer enough. You must remember that assets can be dispersed across many ledgers – and that doesn’t always mean fraud.