Original Title: “Hyperliquid Personally Conducts Reconciliation, Behind the Perfect PR Lies a Bottom-Level Siege on Competitors”
Original Author: angelilu, Foresight News
On December 20, 2025, a technical article titled “Reverse Engineering Hyperliquid” published on blog.can.ac directly deconstructed Hyperliquid’s binary file through reverse engineering, accusing it of nine serious issues ranging from “insolvency” to “God mode backdoor.” The article bluntly stated:
“Hyperliquid is a centralized trading platform disguised as a blockchain.”
Faced with FUD, Hyperliquid officially released a lengthy response. Perhaps this was not merely a simple rumor clarification but a declaration of war regarding “who truly is the decentralized trading facility.” While the official successfully clarified the fund security issue, it left intriguing “gaps” in certain sensitive areas of decentralization.
Where Did the $362 Million Go? The Audit Blind Spot Under “Dual Ledgers”
The most damaging accusation is: user assets within the Hyperliquid system are $362 million less than the on-chain reserves. If true, this would mean it is an “on-chain FTX” operating on partial reserves.
However, after verification, this is a misinterpretation due to information asymmetry caused by “architecture upgrades.” The auditor’s logic was: Hyperliquid reserves = USDC balance on the Arbitrum cross-chain bridge. According to this logic, he checked the cross-chain bridge address and found the balance indeed less than the total user deposits.
Hyperliquid responded that it is undergoing a full evolution from “L2 AppChain” to “independent L1.” During this process, asset reserves have become dual-track:
The accuser completely overlooked the native USDC on HyperEVM. According to on-chain data (as of publication time):
· Arbitrum cross-chain balance: 3.989 billion USDC (verifiable on Arbiscan)
· HyperEVM native balance: 362 million USDC (verifiable on Hyperevmscan)
· HyperEVM contract balance: 59 million USDC
Total solvency = 3.989 billion + 362 million + 59 million ≈ 4.351 billion USDC
This figure exactly matches the Total User Balances on HyperCore. The so-called “$362 million gap” is precisely the native assets already migrated to HyperEVM. This is not a disappearance of funds but a transfer of funds between different ledgers.
9-Point Accusation Reconciliation: What Was Clarified? What Was Evaded?
Clarified Accusations
Accusation: “CoreWriter” God Mode: It was accused of being able to mint money out of thin air and misappropriate funds.
Response: The official explained this is an interface for L1 to interact with HyperEVM (such as staking), with restricted permissions and no ability to misappropriate funds.
Accusation: $362 million funding gap.
Response: As described above, it was due to not accounting for Native USDC.
Accusation: Undisclosed lending protocol.
Response: The official pointed out that the spot/lending feature (HIP-1) documentation is already public, in pre-release stage, and not secretly operated.
Admitted but Reasonably Explained Accusations
Accusation: Binary file contains “modify trading volume” code (TestnetSetYesterdayUserVlm).
Response: Acknowledged existence. But explained as testnet (Testnet) residual code, used to simulate fee logic; mainnet nodes have physically isolated this path, making execution impossible.
Accusation: Only 8 broadcast addresses can submit transactions.
Response: Acknowledged. Explained as an anti-MEV (Maximal Extractable Value) measure to prevent user front-running. Committed to implementing a “multi-proposer” mechanism in the future.
Accusation: Chain can be “plannedly frozen” with no revocation function.
Response: Acknowledged. Explained this is the standard process for network upgrades (Upgrade), requiring full network suspension for version switching.
Accusation: Oracle prices can be instantly overwritten.
Response: Explained as a system security design. To promptly liquidate bad debts during extreme volatility like 10/10, the validator oracle indeed has no time lock set.
Missing/Vague Responses
In our verification, two accusations were not directly addressed or fully resolved in the official response:
Accusation: Governance proposals are unqueryable; users can only see that voting occurred, but on-chain data does not include the specific text content of proposals.
Response: The official did not address this point in the lengthy article. This means Hyperliquid’s governance remains a “black box” for ordinary users; you can only see the results, not the process.
Accusation: Cross-chain bridge has no “escape hatch”; withdrawals may be indefinitely censored, users cannot force withdrawals back to L1.
Response: Although the official explained that locking the bridge during the POPCAT incident was for security, it did not refute the architectural fact of “no escape hatch.” This indicates that at the current stage, user asset inflows and outflows highly depend on the validator set’s approval, lacking the anti-censorship forced withdrawal capability like L2 Rollups.
“Pulling Down Competitors”
The most interesting aspect of this turmoil is that it forced Hyperliquid to reveal its cards, giving us an opportunity to re-examine the landscape of the Perp track. In its response, the official unusually “pulled down competitors,” targeting Lighter, Aster, and even industry giant Binance.
It stated, “Lighter uses a single centralized sequencer, with its execution logic and zero-knowledge proof (ZK) circuits not publicly disclosed. Aster uses centralized matching, even offering dark pool trading, which is only possible with a single centralized sequencer and unverifiable execution process. Other protocols with open-source contracts lack verifiable sequencers.”
Hyperliquid bluntly categorized these competitors as relying on “Centralized Sequencer.” The official emphasized: on these platforms, besides the sequencer operator, no one can see the full state snapshot (including order book history, position details). In contrast, Hyperliquid attempts to eliminate this “privilege” by having all validators execute the same state machine.
This “pulling down” might also stem from Hyperliquid’s concerns about current market share. According to DefiLlama’s trading volume data over the past 30 days, the market landscape has become a tripartite balance:
· Lighter: Trading volume $232.3 billion, temporarily leading, accounting for approximately 26.6%.
· Aster: Trading volume $195.5 billion, second place, accounting for approximately 22.3%.
· Hyperliquid: Trading volume $182 billion, third place, accounting for approximately 20.8%.
Facing the trading volumes of Lighter and Aster, which have surpassed it, Hyperliquid attempts to play the “transparency” card—i.e., “although I have 8 centralized broadcast addresses, my full state is on-chain and verifiable; while you can’t even check.” However, it is worth noting that although Hyperliquid slightly lags behind the top two in trading volume, it dominates in Open Interest (OI).
Public Sentiment Response: Who Is Shorting HYPE?
Besides technical and fund issues, the community is most concerned about recent rumors of HYPE tokens being shorted and dumped by “insiders.” Regarding this, Hyperliquid team members gave a qualitative response for the first time on Discord: “The shorting address starting with 0x7ae4 belongs to a former employee,” who was a team member but was dismissed in early 2024. This former employee’s personal trading behavior is unrelated to Hyperliquid’s current team. The platform emphasized that it currently implements extremely strict HYPE trading restrictions and compliance reviews for all employees and contractors, strictly prohibiting insider trading using position advantages.
This response attempts to downgrade the accusation of “team misconduct” to “former employee personal behavior,” but regarding transparency in token distribution and unlocking mechanisms, the community may still expect more detailed disclosure.
Don’t Trust, Verify
Hyperliquid’s clarification tweet this time is a textbook example of crisis PR—not relying on emotional output but on data, code links, and architectural logic. It did not stop at proving innocence but turned defense into offense, reinforcing its brand and advantage of “full state on-chain” by comparing competitor architectures.
Although the FUD was disproven, the reflections left by this incident for the industry are profound. As DeFi protocols evolve towards independent application chains (AppChain), architectures become increasingly complex, and asset distribution becomes more fragmented (Bridge + Native). The traditional “check contract balance at a glance” auditing method has become ineffective.
For Hyperliquid, proving “the money is there” is only the first step. How to gradually transfer the permissions of those 8 submission addresses while maintaining high performance and anti-MEV advantages, truly achieving the leap from “transparent centralization” to “transparent decentralization,” is the necessary path to becoming the “ultimate DEX.”
For users, this turmoil reaffirms the iron law of the crypto world: do not trust any narrative; verify every byte.
