Audit log

Every state-changing event for Hyperliquid: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-28 18:59:23Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,779,454

   sig

   5r1TJe3Uurem…GiBZTxdEcopyexplorer ↗

   hash

   DBqSjE5VQMRc…yYRuvbtUcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (12171 B) ▸

   {"actor":"system:backfill","investigation_id":"08752005-1f07-4792-bacf-583564b32b2c","kind":"publish","page_slug":"hyperliquid","published_at":"2026-05-28T18:59:23.618Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Hyperliquid","sections":[{"content":"Hyperliquid operates with <cite index=\"13-16,14-10,20-9\">only four validators securing billions of dollars in assets</cite>, creating significant centralization concerns. <cite index=\"11-9,11-10,11-11\">Security expert Taylor Monahan highlighted that this small validator pool creates a single point of failure, where if an executive's device were compromised, it could open the floodgates to dire consequences</cite>. <cite index=\"18-1,18-20\">A compromise involving three of the four validators could allow malicious actors to gain control over the network, approve unauthorized transactions, and drain liquidity pools</cite>. <cite index=\"14-3,14-4\">This centralized decision-making structure makes it easier for attackers to compromise network security</cite>, despite the platform's claims of decentralization.","heading":"Validator Centralization Risks","severity":"high","sources":[{"credibility":2,"name":"Hyperliquid Under Fire: Security Concerns - Brave New Coin","type":"news_article","url":"https://bravenewcoin.com/insights/hyperliquid-under-fire-security-concerns-amid-allegations-of-north-korean-exploitation"},{"credibility":2,"name":"Why Validators Fail: Lessons from the Hyperliquid Incident - CCN","type":"news_article","url":"https://www.ccn.com/education/crypto/why-validators-fail-lessons-for-defi-ecosystem/"}]},{"content":"In December 2024, Hyperliquid faced scrutiny after <cite index=\"11-7\">wallet addresses linked to North Korea's Lazarus Group conducted large transactions on the platform, moving Ethereum (ETH) around in a way that raised concerns</cite>. <cite index=\"13-4,13-5,13-6,13-7\">Security expert Taylor Monahan alleged that wallets associated with the DPRK were trading Ethereum on Hyperliquid, claiming these were not standard transactions but potential vulnerability tests, asserting 'DPRK doesn't trade. DPRK tests'</cite>. The allegations triggered <cite index=\"13-9\">over $256 million in fund withdrawals from the platform in just 30 hours, with December 23 alone witnessing net outflows exceeding $502 million</cite>. <cite index=\"13-12,13-13,13-14\">Hyperliquid Labs responded by denying any security breach, stating 'There has been no DPRK exploit—or any exploit for that matter—of Hyperliquid. All user funds are accounted for'</cite>.","heading":"North Korean Hacker Activity","severity":"high","sources":[{"credibility":2,"name":"Hyperliquid Under Fire - Brave New Coin","type":"news_article","url":"https://bravenewcoin.com/insights/hyperliquid-under-fire-security-concerns-amid-allegations-of-north-korean-exploitation"},{"credibility":2,"name":"Hyperliquid under scrutiny - Blockworks","type":"news_article","url":"https://blockworks.com/news/hyperliquid-security-fuels-decentralization-concerns"}]},{"content":"In March 2025, Hyperliquid faced a major market manipulation incident involving the JELLY token that exposed critical vulnerabilities. <cite index=\"21-7,21-8,21-9,21-10\">An attacker opened two long positions and a short position on the JellyJelly token worth $4.1 million, then pumped the token's price across multiple exchanges, causing its value to increase by over 400% within a single hour</cite>. <cite index=\"22-1,22-8\">This manipulation temporarily caused the Hyperliquidity Provider (HLP) vault's unrealized loss to reach $13.5 million</cite>. <cite index=\"21-12,21-13,21-14\">When losses reached $12 million, the protocol's validators rapidly took action to delist the JELLY token, settling all positions at $0.0095 rather than the $0.50 market price, revealing the platform's centralized control despite decentralization claims</cite>. <cite index=\"21-15,21-16\">The attacker was able to withdraw $6.26 million of the $7.17 million deposited before the protocol froze their withdrawals</cite>.","heading":"JELLY Market Manipulation Incident","severity":"critical","sources":[{"credibility":2,"name":"Explained: The Hyperliquid Hack (March 2025) - Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-hyperliquid-hack-march-2025"},{"credibility":1,"name":"HyperLiquid Delists JELLY - CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2025/03/26/hyperliquid-delists-jellyjelly-after-vault-squeezed-in-usd13m-tussle"}]},{"content":"Beyond the JELLY incident, Hyperliquid has experienced multiple security issues throughout 2025. <cite index=\"16-5,16-9\">The platform received a C- risk grade due to multiple security incidents including the $13.5M JELLY exploit, a $21M private key compromise, and several vault exploits, revealing persistent security vulnerabilities</cite>. <cite index=\"19-1,19-8,19-9,19-10,19-11,19-12\">The Hyperliquid ecosystem also faced controversy when HyperVault, a project built on the platform, was accused of rug-pulling users for approximately $3.6 million, with suspicious transactions flagged by blockchain security firm PeckShield showing funds being bridged to Ethereum, converted to ETH, and funneled into Tornado Cash</cite>. These incidents highlight ongoing vulnerabilities in the broader ecosystem.","heading":"Additional Security Incidents","severity":"high","sources":[{"credibility":2,"name":"Is Hyperliquid Safe? Risk Grade C- - Hindenrank","type":"research","url":"https://hindenrank.com/blog/is-hyperliquid-safe"},{"credibility":1,"name":"Hyperliquid-Based Project Faces $3.6 Million Controversy - Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/hyperliquid-based-project-faces-3-093814438.html"}]},{"content":"Hyperliquid operates without traditional venture capital funding, which distinguishes it from most crypto projects. <cite index=\"36-3,36-6\">The platform's cofounder reiterated that no investor unlocks exist because it never raised external capital, with the 1.75 million tokens distributed exclusively to team members as part of vesting schedules</cite>. <cite index=\"3-27,3-28,3-29,3-30\">In 2024, Hyperliquid launched its native token HYPE via an airdrop to nearly 100,000 users, with over 20% distributed to core contributors under vesting until 2027-2028, and within three months HYPE achieved a market cap exceeding $9 billion</cite>. <cite index=\"32-25,32-26,32-27\">Recently, the platform has filed with the SEC to raise $1 billion through a SPAC merger, with proceeds intended for HYPE token purchases and ecosystem expansion</cite>.","heading":"Business Model and Funding","severity":"medium","sources":[{"credibility":2,"name":"Hyperliquid addresses external investor token sell-off - Cryptopolitan","type":"news_article","url":"https://www.cryptopolitan.com/hyperliquid-external-investor-token-sell-off/"},{"credibility":2,"name":"What Is Hyperliquid? - CoinLedger","type":"news_article","url":"https://coinledger.io/learn/what-is-hyperliquid"}]},{"content":"Despite security concerns, Hyperliquid has achieved significant market traction and technical performance. <cite index=\"3-5,3-42\">The platform has over 300,000 users and processes more than $4 billion in daily trading volume</cite>. <cite index=\"7-8\">Hyperliquid achieves sub-second finality and can handle up to 200,000 transactions per second</cite>. <cite index=\"6-15\">It has become the third-largest decentralized exchange in crypto, processing trillions of dollars in volume during its lifespan, trailing only PancakeSwap and Uniswap</cite>. <cite index=\"8-13,8-15\">The platform commands an estimated 70-80% of the decentralized perpetual futures trading market and consistently processes around $8 billion in daily trading volume with 30-day fee revenue reaching nearly $100 million</cite>.","heading":"Platform Performance and Features","severity":"low","sources":[{"credibility":2,"name":"What Is Hyperliquid? - CoinLedger","type":"news_article","url":"https://coinledger.io/learn/what-is-hyperliquid"},{"credibility":1,"name":"What Is Hyperliquid? The Decentralized Exchange - Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/hyperliquid-decentralized-exchange-own-blockchain-150103036.html"}]},{"content":"DeFiLlama recorded a security incident affecting Hyperliquid on June 15, 2023, with reported losses of $37K on Arbitrum. Classification: Ecosystem. Technique: CEX Price Manipulation Attack.","heading":"Hyperliquid — $37K (2023-06-15)","severity":"medium","sources":[{"credibility":1,"name":"Hyperliquid — $37K (2023-06-15)","type":"research","url":"https://defillama.com/hacks?protocol=Hyperliquid"}]}],"sources_used":[{"credibility":2,"name":"Hyperliquid Under Fire: Security Concerns - Brave New Coin","type":"news_article","url":"https://bravenewcoin.com/insights/hyperliquid-under-fire-security-concerns-amid-allegations-of-north-korean-exploitation"},{"credibility":2,"name":"Explained: The Hyperliquid Hack (March 2025) - Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-hyperliquid-hack-march-2025"},{"credibility":1,"name":"HyperLiquid Delists JELLY After Vault Squeezed - CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2025/03/26/hyperliquid-delists-jellyjelly-after-vault-squeezed-in-usd13m-tussle"},{"credibility":1,"name":"What Is Hyperliquid? The Decentralized Exchange - Yahoo Finance","type":"news_article","url":"https://finance.yahoo.com/news/hyperliquid-decentralized-exchange-own-blockchain-150103036.html"},{"credibility":2,"name":"Is Hyperliquid Safe? Risk Grade C- - Hindenrank","type":"research","url":"https://hindenrank.com/blog/is-hyperliquid-safe"},{"credibility":2,"name":"What Is Hyperliquid? - CoinLedger","type":"news_article","url":"https://coinledger.io/learn/what-is-hyperliquid"},{"credibility":1,"name":"Hyperliquid — $37K (2023-06-15)","type":"research","url":"https://defillama.com/hacks?protocol=Hyperliquid"}],"summary":"Hyperliquid suffered a documented ecosystem incident with reported losses of $37K on Arbitrum. This page tracks DeFiLlama's record of the event.","timeline":[{"date":"2022-01-01","event":"Hyperliquid founded and built as decentralized exchange","source":"Is Hyperliquid Safe? - Whaleportal","source_url":"https://whaleportal.com/blog/is-hyperliquid-safe/"},{"date":"2023-02-01","event":"Mainnet closed alpha launched","source":"What Is Hyperliquid? The Decentralized Exchange - Yahoo Finance","source_url":"https://finance.yahoo.com/news/hyperliquid-decentralized-exchange-own-blockchain-150103036.html"},{"date":"2023-06-15","event":"Hyperliquid — $37K (2023-06-15)","source":"defillama.com","source_url":"https://defillama.com/hacks?protocol=Hyperliquid"},{"date":"2023-08-01","event":"Full mainnet launch","source":"What Is Hyperliquid? The Decentralized Exchange - Yahoo Finance","source_url":"https://finance.yahoo.com/news/hyperliquid-decentralized-exchange-own-blockchain-150103036.html"},{"date":"2024-11-01","event":"HYPE token airdrop worth $1.6 billion distributed to nearly 100,000 users","source":"What Is Hyperliquid? The Decentralized Exchange - Yahoo Finance","source_url":"https://finance.yahoo.com/news/hyperliquid-decentralized-exchange-own-blockchain-150103036.html"},{"date":"2024-12-23","event":"North Korean hacker allegations trigger over $256 million in withdrawals","source":"Hyperliquid Under Fire - Brave New Coin","source_url":"https://bravenewcoin.com/insights/hyperliquid-under-fire-security-concerns-amid-allegations-of-north-korean-exploitation"},{"date":"2025-03-26","event":"JELLY token manipulation incident causes $13.5 million loss to HLP vault","source":"HyperLiquid Delists JELLY - CoinDesk","source_url":"https://www.coindesk.com/markets/2025/03/26/hyperliquid-delists-jellyjelly-after-vault-squeezed-in-usd13m-tussle"},{"date":"2025-09-26","event":"HyperVault project accused of $3.6 million rug pull","source":"Hyperliquid-Based Project Faces Controversy - Yahoo Finance","source_url":"https://finance.yahoo.com/news/hyperliquid-based-project-faces-3-093814438.html"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision d130c734-2f90-4110-9a06-9efee14fcc2ccopy
2. #2reviewby reviewerreviewer

   2026-06-13 21:33:51Z
   Score: 38 → 38 (no score change)
   The page's core factual assertions — validator centralization concerns, North Korea wallet activity, the JELLY manipulation mechanics, the HyperVault rug pull, and Hyperliquid's no-VC funding model — are all substantiated by credible independent sources. The main weaknesses are: the DeFiLlama source URL is blocked (link rot), several metrics are stale (user count, daily volume), the SPAC filing is misattributed to Hyperliquid rather than the distinct entity Hyperliquid Strategies, and the $13.5M HLP loss is described as a realized loss when it was an unrealized peak that was not fully realized. The airdrop valuation figure of $1.6B is inconsistently supported. Coverage gaps are significant around regulatory history and on-chain forensics.
   anchoranchored

   chain

   ●mainnet-betaslot 426,281,304

   sig

   3LVxdryN1Gsx…LxvuPoLocopyexplorer ↗

   hash

   Cagj37i6B1Nu…Uv2TMbK1copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1095 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-13T21:33:51.500Z","decision":"review","investigation_id":"08752005-1f07-4792-bacf-583564b32b2c","new_score":38,"page_slug":"hyperliquid","prev_score":38,"reason":"The page's core factual assertions — validator centralization concerns, North Korea wallet activity, the JELLY manipulation mechanics, the HyperVault rug pull, and Hyperliquid's no-VC funding model — are all substantiated by credible independent sources. The main weaknesses are: the DeFiLlama source URL is blocked (link rot), several metrics are stale (user count, daily volume), the SPAC filing is misattributed to Hyperliquid rather than the distinct entity Hyperliquid Strategies, and the $13.5M HLP loss is described as a realized loss when it was an unrealized peak that was not fully realized. The airdrop valuation figure of $1.6B is inconsistently supported. Coverage gaps are significant around regulatory history and on-chain forensics.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision d930f743-cccb-484f-bbbc-5a5b10175d2fcopy
3. #3review reviseby judgejudge

   2026-06-13 21:33:51Z
   Score: 38 → 28 (-10)
   The page's core factual claims about validator centralization, North Korea-linked wallet activity, the JellyJelly manipulation mechanics, and the HyperVault rug pull are all substantiated by credible independent sources. However, the reviewer identified a disputed airdrop valuation figure (claim_findings[24]: $1.6B is unsupported at TGE, where sources cite ~$1.2B), a stale user-count and daily-volume metric (claim_findings[20]: page states 300K users and $4B/day when current figures are 1.4M users and ~$8.34B/day), and a material entity mischaracterization in claim_findings[19] where the $1B SEC SPAC filing is attributed to 'the platform' when the filing entity is the legally distinct 'Hyperliquid Strategies.' Two high-priority coverage gaps — absence of on-chain forensic analysis for DPRK-linked wallets and no regulatory or OFAC status section — further support revision. The overall disputed_pct of 10.7% places this in the minor-issues band; the penalty is set at -10 reflecting the stale metrics and entity mischaracterization.
   anchoranchored

   chain

   ●mainnet-betaslot 426,281,288

   sig

   3TTe9yf6JBHs…W2bNCjPPcopyexplorer ↗

   hash

   BdL97QH7DpW2…KCsF4M6gcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1396 B) ▸

   {"actor":"judge","decided_at":"2026-06-13T21:33:51.500Z","decision":"review_revise","investigation_id":"08752005-1f07-4792-bacf-583564b32b2c","new_score":28,"page_slug":"hyperliquid","prev_score":38,"reason":"The page's core factual claims about validator centralization, North Korea-linked wallet activity, the JellyJelly manipulation mechanics, and the HyperVault rug pull are all substantiated by credible independent sources. However, the reviewer identified a disputed airdrop valuation figure (claim_findings[24]: $1.6B is unsupported at TGE, where sources cite ~$1.2B), a stale user-count and daily-volume metric (claim_findings[20]: page states 300K users and $4B/day when current figures are 1.4M users and ~$8.34B/day), and a material entity mischaracterization in claim_findings[19] where the $1B SEC SPAC filing is attributed to 'the platform' when the filing entity is the legally distinct 'Hyperliquid Strategies.' Two high-priority coverage gaps — absence of on-chain forensic analysis for DPRK-linked wallets and no regulatory or OFAC status section — further support revision. The overall disputed_pct of 10.7% places this in the minor-issues band; the penalty is set at -10 reflecting the stale metrics and entity mischaracterization.","score_delta":-10,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 571bea2b-f106-4d6b-bd53-03241d7c55ffcopy
4. #4reviewby reviewerreviewer

   2026-06-14 23:15:45Z
   Score: 28 → 28 (no score change)
   Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Hyperliquid is a legitimate, technically sophisticated Layer-1 perpetual futures DEX that is the dominant platform in its category by volume, entirely self-funded, with no evidence of fraud, Ponzi mechanics, or exit scam behavior. The three major incidents driving its WARNING-band score are systematically mis-characterized: (1) the JELLY manipulation ended with HLP earning a $703K net profit, not suffering a $13.5M loss as stated; (2) the HyperVault $3.6M rug pull was perpetrated by an independent third-party protocol that happened to be built on Hyperliquid's chain, not by Hyperliquid itself; (3) the North Korea/Lazarus Group event produced no actual exploit or fund loss — only user-initiated withdrawals based on fear. Legitimate concerns remain: validator centralization (architectural risk being actively addressed, now at 16+ validators), a UK FCA unauthorized-firm warning (May 2026) restricting UK access, and a structural vulnerability demonstrated by the POPCAT and JELLY manipulation attacks showing the HLP vault can be targeted. These concerns place the entity firmly in the CAUTIONARY band (50-69) — legitimate with material caveats — rather than WARNING (20-49), which is reserved for elevated fraud/loss risk or unresolved severe incidents. A score of 62 reflects the real decentralization and security architecture concerns while recognizing the absence of entity-level fraud or unresolved severe loss events.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,239

   sig

   2JLrPvdbVUzA…EWoTwqSAcopyexplorer ↗

   hash

   4QY7uDVM3tC9…nKGQbHCqcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1923 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-14T23:15:45.905Z","decision":"review","investigation_id":"08752005-1f07-4792-bacf-583564b32b2c","new_score":28,"page_slug":"hyperliquid","prev_score":28,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Hyperliquid is a legitimate, technically sophisticated Layer-1 perpetual futures DEX that is the dominant platform in its category by volume, entirely self-funded, with no evidence of fraud, Ponzi mechanics, or exit scam behavior. The three major incidents driving its WARNING-band score are systematically mis-characterized: (1) the JELLY manipulation ended with HLP earning a $703K net profit, not suffering a $13.5M loss as stated; (2) the HyperVault $3.6M rug pull was perpetrated by an independent third-party protocol that happened to be built on Hyperliquid's chain, not by Hyperliquid itself; (3) the North Korea/Lazarus Group event produced no actual exploit or fund loss — only user-initiated withdrawals based on fear. Legitimate concerns remain: validator centralization (architectural risk being actively addressed, now at 16+ validators), a UK FCA unauthorized-firm warning (May 2026) restricting UK access, and a structural vulnerability demonstrated by the POPCAT and JELLY manipulation attacks showing the HLP vault can be targeted. These concerns place the entity firmly in the CAUTIONARY band (50-69) — legitimate with material caveats — rather than WARNING (20-49), which is reserved for elevated fraud/loss risk or unresolved severe incidents. A score of 62 reflects the real decentralization and security architecture concerns while recognizing the absence of entity-level fraud or unresolved severe loss events.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision aebad73b-2f86-4d99-931f-24b6b1e61db2copy
5. #5review approveby judgejudge

   2026-06-14 23:15:46Z
   Score: 28 → 62 (+34)
   The calibration review (confidence 0.85) finds Hyperliquid's current WARNING-band score of 28 is systematically over-penalized across three major incidents. claim_findings[0] shows the JELLY event resulted in a net HLP profit of $703K, not the $13.5M loss stated on the page and in the timeline. claim_findings[1] establishes that the $3.6M HyperVault rug pull was perpetrated by an independent third-party protocol, not by Hyperliquid itself. claim_findings[2] confirms no exploit occurred in the Lazarus Group incident — the $256M figure represents user-initiated withdrawals, not stolen funds, as Hyperliquid itself stated publicly. Legitimate concerns remain: validator centralization (now 16+ validators, actively improving), a UK FCA unauthorized-firm warning (May 2026), and demonstrated HLP vault vulnerability to coordinated market manipulation. These concerns fit the CAUTIONARY band (50-69). A delta of +34 moves the score to 62, consistent with the reviewer's recommendation and with the entity's profile as a dominant, self-funded, technically sophisticated DEX with real but non-fraudulent structural risks.
   anchoranchored

   chain

   ●mainnet-betaslot 426,514,241

   sig

   3QqAjM1Vp22M…BmxcP6L6copyexplorer ↗

   hash

   HrRa2Y2LdGEQ…yvACVt2Xcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1474 B) ▸

   {"actor":"judge","decided_at":"2026-06-14T23:15:45.905Z","decision":"review_approve","investigation_id":"08752005-1f07-4792-bacf-583564b32b2c","new_score":62,"page_slug":"hyperliquid","prev_score":28,"reason":"The calibration review (confidence 0.85) finds Hyperliquid's current WARNING-band score of 28 is systematically over-penalized across three major incidents. claim_findings[0] shows the JELLY event resulted in a net HLP profit of $703K, not the $13.5M loss stated on the page and in the timeline. claim_findings[1] establishes that the $3.6M HyperVault rug pull was perpetrated by an independent third-party protocol, not by Hyperliquid itself. claim_findings[2] confirms no exploit occurred in the Lazarus Group incident — the $256M figure represents user-initiated withdrawals, not stolen funds, as Hyperliquid itself stated publicly. Legitimate concerns remain: validator centralization (now 16+ validators, actively improving), a UK FCA unauthorized-firm warning (May 2026), and demonstrated HLP vault vulnerability to coordinated market manipulation. These concerns fit the CAUTIONARY band (50-69). A delta of +34 moves the score to 62, consistent with the reviewer's recommendation and with the entity's profile as a dominant, self-funded, technically sophisticated DEX with real but non-fraudulent structural risks.","score_delta":34,"sequence_num":5,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 4aeaf703-1689-45e0-aae5-8f72e14a906ecopy