Translation by GaryMa Wu on Blockchain

This article summarizes and reviews two recent FUD incidents regarding Hyperliquid and the official public responses.

1. FUD Incident One: Suspected Team Member Address Selling to Short, Actually a Former Employee

Incident Background

Initially, a member of the Hype community discovered an address

0x7ae4c156e542ff63bcb5e34f7808ebc376c41028

that was continuously selling HYPE and shorting. By tracing the early funding sources of this address, its interaction history on the testnet, and past transaction records, it was found that this address had a high on-chain association with the Hyperliquid development team, Hyperliquid Labs. Subsequently, rumors began circulating in the community about "the official team leading the dump" or "insiders profiting from undisclosed information/mechanism advantages to short," which temporarily damaged market confidence.

Official Response

Later, a member of the Hyperliquid team posted on Discord stating that all personnel associated with Hyperliquid Labs (including employees and contractors) must adhere to strict codes of conduct regarding HYPE tokens, including a prohibition on participating in derivatives trading and a zero-tolerance policy for insider trading.

Regarding the community-mentioned shorting address starting with 0x7ae4, the team stated that this address belonged to a former employee who left in the first quarter of 2024 and currently has no association with Hyperliquid Labs; their actions do not represent the team's position.

2. FUD Incident Two: Technical Doubts About Centralized Control and Trust Assumptions (Misunderstanding of Solvency)

Incident Origin

The incident originated from an article. This article was a technical audit-style analysis based on reverse engineering, where the author attempted to prove that Hyperliquid, under the narrative of "on-chain perpetual contracts," still exhibited significant centralized control and trust assumptions.

The author's core argument was not that "Hyperliquid is definitely doing evil," but rather that the current design of the system allows for wrongdoing or abuse in extreme cases, which poses risks in the DeFi context.

In response, Hyperliquid also published a lengthy article addressing and refuting these points. The following is a compilation of Wu's translation.

Full Official Response from Hyperliquid

Hyperliquid is built on the foundation of on-chain transparency. Recently, an article made several claims that are inconsistent with the facts:

Solvency: Every dollar has a clear correspondence; the author omitted the native HyperEVM USDC.

System Integrity: Testnet functions are, as the name suggests, only for testing and cannot be executed on the mainnet.

Transparency: In the field of perpetual contract trading, Hyperliquid is more transparent and decentralized than all other major platforms. The entire system state is independently maintained by a permissionless set of validators and verified by each node through BFT proof of stake consensus. Every order, transaction, and settlement is visible in real-time during execution. Anyone can run a node and index the state and state changes of the chain. No mainstream perpetual contract platform can provide users with assurances close to this level.

Below are our responses to the author's points.

Accusation: The system has a collateral shortfall of $362 million

Incorrect:

The blockchain state of Hyperliquid is fully and verifiably solvent on-chain. The author excluded HyperEVM USDC (this integration has already been publicly announced and is highly anticipated), which exists in parallel with the Arbitrum cross-chain bridge.

Every USDC circulating on HyperCore can be transparently accounted for by summing the balances of the following addresses:

https://arbiscan.io/address/0x2df1c51e09aecf9cacb7bc98cb1742757f163df7

and

https://hyperevmscan.io/address/0x6b9e773128f453f5c2c60935ee2de2cbc5390a24

At the time of writing, this amount is $3.989 billion + $362 million = $4.351 billion USDC (located on HyperCore).

The USDC on HyperEVM can be calculated by deducting $362 million from the $421 million USDC in the HyperEVM USDC contract:

https://hyperevmscan.io/token/0xb88339cb7199b77e23db6e890353e22632ba630f

resulting in approximately $59 million USDC located on HyperEVM.

By comparing the sum of the balances of the Arbitrum cross-chain bridge and the native USDC with the total user balances on HyperCore, verification can be completed. As emphasized in the introduction, only on Hyperliquid can the overall solvency of the system be independently verified in this manner compared to competitors.

The current Arbitrum cross-chain bridge played a significant role during the early launch of the Hyperliquid network. As the migration to native USDC is completed, this cross-chain bridge will be gradually phased out, aligning Hyperliquid architecturally with other mainstream L1s.

Accusation: Post-hoc trading volume manipulation via TestnetSetYesterdayUserVlm

Incorrect:

This is a function that exists only on the testnet, used to support comprehensive testing. The author claims that "the existence of the function itself is the problem… this capability undermines the trust model."

Testnet-specific functions used for more rigorous testing of edge cases do not compromise the integrity of the chain. Hyperliquid's fee structure involves complex interactions with multiple inputs, including user trading volume, whether it is aligned quote tokens, market maker/taker identity, HIP-3, etc. These interactions must be validated on the testnet, hence the testnet includes a set of administrator functions that are solely for testing and do not exist on the mainnet.

The related TestnetAddMainnetUser operation is used to mark a testnet user as having the corresponding mainnet status to prevent "zero-cost" initiated DDOS attacks on the testnet. These functions cannot be called in the mainnet state.

Although the execution source code is not publicly available, anyone can run a node to verify each transaction on-chain and aggregate trading volume data to confirm the accuracy of the on-chain state. Similar to verifying system solvency and comparing it with the total value of all user accounts, this process is feasible on Hyperliquid, while most competing platforms do not have this capability.

Given that this code path is completely unreachable on the mainnet, future development will thoroughly remove these testnet-only logics from the mainnet nodes to avoid any potential misunderstandings or misinterpretations.

Accusation: Some users have special privileges such as fee waivers or post-hoc trading volume manipulation to influence airdrops

Incorrect:

Like system solvency, user balances, and individual transactions, any address's fee payments are also traceable on-chain. Each transaction and its paid fees or received rebates are transparently indexed by nodes, API services, and third-party analytical tools.

There is no mechanism to distort fees, nor is there any mechanism that could influence HYPE airdrops. Furthermore, the genesis distribution data of HYPE is fully publicly available on-chain, allowing users to verify the historical behavior of each relevant address.

Accusation: The "CoreWriter" god mode can mint, transfer user funds without signatures, randomly crash validators, and act almost at will

Incorrect:

The specifications of CoreWriter are fully documented here:

https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/hyperevm/interacting-with-hypercore

and can be reproduced in the open-source HyperEVM execution environment.

CoreWriter is a mechanism that allows smart contracts on HyperEVM to send operational instructions to HyperCore during block execution. It supports various operations typically initiated by external accounts (EOA), such as staking and placing orders, but does not have the capability to "mint tokens, transfer user funds without signatures, randomly crash validators, or act at will."

This claim stems from a fundamental misunderstanding of how HyperCore interacts with HyperEVM.

Accusation: The chain can be frozen through governance, and there is no revocation mechanism

Misinterpretation:

The chain will temporarily stop block production during network upgrades. The absence of a revocation mechanism is because validators adopted a new binary version at that height. This is entirely consistent with how other networks execute hard forks in the future through social consensus.

The suspicious activities of POPCAT in November 2025 did not lead to an L1 freeze, nor were any user funds frozen. L1 operated normally during that period, and any observer could see the blocks produced at that time.

After the incident, the Arbitrum cross-chain bridge was automatically locked due to abnormal fluctuations in account balances. As mentioned earlier, the Arbitrum cross-chain bridge is less secure than the natively minted USDC, thus requiring several conservative automatic locking mechanisms as protection. This locking mechanism has been audited and open-sourced, and as the transition to native USDC progresses, the cross-chain bridge will be gradually phased out.

Accusation: A single private key can instantly set any oracle price, with no time lock and no restrictions

Misinterpretation:

The author likely confused the HIP-3 oracle update logic with the perpetual contracts run by validators. The updates to the HIP-3 oracle are indeed set by a single address, but this depends on how the deployer configures it; this update address is not necessarily an EOA. For example, the current HIP-3 deployer uses a combination of MPC and CoreWriter architecture.

For the perpetual contracts run by validators, multiple validators can submit oracle price updates, and the final price is derived from the weighted median of several major centralized exchanges.

The system does not have explicit time locks or restrictions because these restrictions would actually reduce rather than enhance system security. The events of October 10 indicate that during periods of high volatility, failing to trigger ADL in a timely and accurate manner would threaten the system's solvency.

During this period, Hyperliquid was one of the few platforms that did not experience performance degradation or network interruptions. If protocols like Mango Markets or similar ones with oracle rate limits had been operating during the period of 10/10, it is likely that bad debts would have arisen. Further decentralization will include independent and open-source oracle update programs actively run by other validators.

Accusation: Eight undisclosed addresses control all transaction submissions

Incorrect:

Currently, some transactions are directly submitted by validators. Others (such as placing orders) have not yet been processed this way to minimize MEV, but future upgrades will extend this logic to all transactions through a mechanism that is resistant to both MEV and censorship.

The cautious consideration of MEV stems from feedback provided by traders and researchers based on predatory behaviors observed on other chains. There is almost unanimous consensus that toxic transaction ordering significantly harms the end-user experience.

Ultimately, the set of validators is permissionless, and there is no guarantee that the validators in the mainnet will always be fully aligned with the ecosystem. Addressing this issue (including a multi-proposer block building mechanism) will be an important milestone in the decentralization process.

Accusation: There is a liquidation group with an unfair advantage

Misinterpretation:

Only HLP can act as the backstop to liquidate users, and the HLP sub-treasury is the only address in that set. However, depositing funds into HLP is permissionless, making HLP a community-owned liquidity treasury that supports the operation of the protocol.

Moreover, all liquidations will first attempt to be completed through the order book, with the vast majority of liquidated positions being processed at this stage without backstop liquidation. This allows users to retain remaining collateral while also enabling other users to competitively provide the best prices for liquidation, benefiting the liquidated users.

Accusation: There is a hidden lending protocol with deposits exceeding $1 million, yet no documentation exists

Incorrect:

The combination of margin, lending features, and the deposit value of HLP has been publicly announced and is currently in the pre-alpha launch phase. Relevant documentation can be found at the following address and has been continuously improved over the past few weeks:

https://hyperliquid.gitbook.io/hyperliquid-docs/trading/portfolio-margin

Accusation: ModifyNonCirculatingSupply allows modification of token supply

Incorrect:

The total supply of HIP-1 tokens on HyperCore was fixed at deployment. The so-called "non-circulating supply" is merely an informational field that can optionally mark certain addresses as "non-circulating" for display purposes only.

Whether an address is marked as "non-circulating" does not affect any execution logic. This is an example of information that might be better suited for off-chain, but it does not constitute a vulnerability.

We appreciate the author's time spent verifying Hyperliquid's execution logic. The ability to conduct such investigations precisely demonstrates the transparency and level of decentralization that Hyperliquid has achieved.

Specifically, Hyperliquid is the only major perpetual contract platform where the complete state and every input difference can be transparently accessed by anyone running a node.

Conducting a similar analysis on any other leading perpetual contract DEX is impossible. For example, Lighter uses a single centralized sorter, and its execution logic and ZK circuits are not publicly available; Aster employs centralized matching and even offers dark pool trading, which is only possible under a single centralized sorter with unverifiable execution. Other protocols, while having some contracts open-sourced, also lack verifiable sorters.

In exchanges like Binance, Lighter, Aster, or similar, no one can see the complete on-chain state snapshot, including the order book, positions, and other user information, except for the sorter itself. Centralized sorters can also upgrade their software without any constraints.

In contrast, on Hyperliquid, the entire system state is on-chain, meaning that 24 validators execute the same state machine under BFT consensus rules. There is still much work to be done on the path to a higher degree of decentralization, but it is essential to emphasize how far ahead Hyperliquid and its ecosystem are compared to competitors.

Decentralization is a gradual process, and Hyperliquid will ultimately be fully open-sourced. While this may leak certain advantages to competitors (who are all closed-source), making it easier for them to replicate Hyperliquid's innovations, Hyperliquid believes this is the right trade-off in balancing community value accumulation, innovation speed, and adherence to DeFi values.

The execution layer of HyperEVM has already been open-sourced, and independent community member Sprites maintains a complete historical archive node to support several important integrations. HyperCore will follow the same path once it is fully functional.

Related Links

On-chain address of the former employee:

https://dev.hypurrscan.io/address/0x7ae4c156e542ff63bcb5e34f7808ebc376c41028

Official response regarding team members selling to short:

https://discord.com/channels/1029781241702129716/1030197017655394447/1452511033758580828

Technical audit-style article analysis based on reverse engineering:

https://blog.can.ac/2025/12/20/reverse-engineering-hyperliquid/

Official response to misunderstandings about solvency, centralized control, and trust assumptions:

https://x.com/HyperliquidX/status/2003045600657334570

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。