Hyperliquid Team Details: Is There Centralized Control?

Compilation | GaryMa Wu Says Blockchain

This article summarizes and reviews two recent FUD incidents regarding Hyperliquid and the official public responses.

1. FUD Incident One: Suspected Team Member Address Selling Short, Actually a Former Employee

Incident Background

Initially, a member of the Hype community discovered an address

0x7ae4c156e542ff63bcb5e34f7808ebc376c41028

that was continuously selling HYPE and shorting. By tracing the early funding sources of this address, its interactions with testnet history, and past transaction records, it was found that this address had a high on-chain correlation with the Hyperliquid development team, Hyperliquid Labs. Subsequently, the community began to circulate claims of "the official team leading the dump" or "insiders profiting from undisclosed information/mechanism advantages," which temporarily damaged market confidence.

Official Response

Later, a member of the Hyperliquid team posted on Discord stating that all personnel related to Hyperliquid Labs (including employees and contractors) must adhere to strict codes of conduct regarding HYPE tokens, including prohibiting participation in derivatives trading and enforcing a zero-tolerance policy on insider trading.

Regarding the community-mentioned shorting address starting with 0x7ae4, the team stated that this address belonged to a former employee who left in the first quarter of 2024 and currently has no association with Hyperliquid Labs, and their actions do not represent the team's position.

2. FUD Incident Two: Technical Doubts About Centralized Control and Trust Assumptions (Misunderstanding of Solvency)

Incident Origin

The incident originated from an article. This article was a technical audit-style analysis based on reverse engineering, where the author attempted to prove that Hyperliquid, under the narrative of "on-chain perpetual contracts," still exhibited significant centralized control and trust assumptions.

The author's core argument was not that "Hyperliquid is definitely doing evil," but rather that the current design of the system allows for potential malfeasance or abuse in extreme cases, which constitutes a risk in the DeFi context.

In response, Hyperliquid also published a lengthy article addressing and refuting these points. Wu's compilation is as follows.

Full Official Response from Hyperliquid

Hyperliquid is built on the foundation of on-chain transparency. Recently, an article made several claims that were inconsistent with the facts:

Solvency: Every dollar has a clear correspondence; the author omitted the native HyperEVM USDC.

System Integrity: Testnet functions are, as the name suggests, only for testing and cannot be executed on the mainnet.

Transparency: In the field of perpetual contract trading, Hyperliquid is more transparent and decentralized than all other major platforms. The entire system state is independently maintained by a permissionless set of validators and verified by each node through BFT proof-of-stake consensus. Every order, transaction, and settlement is visible in real-time during execution. Anyone can run a node and index the state and state changes of the chain. No mainstream perpetual contract platform can provide users with such a level of assurance.

Here are our responses to the author's points.

Claim: The system has a $362 million collateral shortfall

Incorrect:

The state of the Hyperliquid blockchain is fully and verifiably solvent on-chain. The author excluded HyperEVM USDC (this integration has already been publicly announced and is highly anticipated), which exists in parallel with the Arbitrum cross-chain bridge.

Every USDC circulating on HyperCore can be transparently accounted for by summing the balances of the following addresses:

https://arbiscan.io/address/0x2df1c51e09aecf9cacb7bc98cb1742757f163df7

and

https://hyperevmscan.io/address/0x6b9e773128f453f5c2c60935ee2de2cbc5390a24

At the time of writing, this amount is $3.989 billion + $362 million = $4.351 billion USDC (located on HyperCore).

The USDC on HyperEVM can be calculated by deducting $362 million from the $421 million USDC in the HyperEVM USDC contract:

https://hyperevmscan.io/token/0xb88339cb7199b77e23db6e890353e22632ba630f

resulting in approximately $59 million USDC located on HyperEVM.

By comparing the sum of the Arbitrum cross-chain bridge and the native USDC balances with the total user balances on HyperCore, verification can be completed. As emphasized in the introduction, only on Hyperliquid can the overall solvency of the system be independently verified in this manner compared to competitors.

The current Arbitrum cross-chain bridge played a significant role in the early launch of the Hyperliquid network. As the migration to native USDC is completed, this cross-chain bridge will be gradually phased out, aligning Hyperliquid architecturally with other mainstream L1s.

Claim: Post-hoc trading volume manipulation via TestnetSetYesterdayUserVlm

Incorrect:

This is a function that exists only on the testnet, designed to support comprehensive testing. The author claims that "the existence of the function itself is the problem… this capability undermines the trust model."

Testnet-specific functions for more rigorous testing of edge cases do not compromise the integrity of the chain. Hyperliquid's fee structure involves complex interactions with multiple inputs, including user trading volume, whether it is aligned quote tokens, market maker/taker identities, HIP-3, etc. These interactions must be validated on the testnet, hence the testnet includes a set of administrator functions that are solely for testing and do not exist on the mainnet.

The related TestnetAddMainnetUser operation is used to mark a testnet user as having the corresponding mainnet status to prevent "zero-cost" DDOS attacks initiated on the testnet. These functions cannot be called in the mainnet state.

Although the execution source code is not publicly available, anyone can run a node to verify each transaction on-chain and aggregate trading volume data to confirm the accuracy of the on-chain state. Similar to verifying system solvency and comparing it with the total value of all user accounts, this process is feasible on Hyperliquid, while most competing platforms do not offer this possibility.

Given that this code path is completely unreachable on the mainnet, future development will thoroughly remove this testnet-only logic from the mainnet nodes to avoid any potential misunderstandings or misinterpretations.

Claim: Some users have special privileges such as fee waivers or post-hoc trading volume manipulation to influence airdrops

Incorrect:

Like system solvency, user balances, and individual transactions, any address's fee payments are also traceable on-chain. Each transaction and its associated fees or rebates are transparently indexed by nodes, API services, and third-party analytical tools.

There is no mechanism to distort fees, nor is there any mechanism that could influence HYPE airdrops. Furthermore, the genesis distribution data of HYPE is fully publicly available on-chain, allowing users to verify the historical behavior of each relevant address.

Claim: "CoreWriter" has god mode capabilities to mint, transfer user funds without signatures, randomly crash validators, and act with impunity

Incorrect:

The specifications for CoreWriter are fully documented here:

https://hyperliquid.gitbook.io/hyperliquid-docs/for-developers/hyperevm/interacting-with-hypercore

and can be reproduced in the open-source HyperEVM execution environment.

CoreWriter is a mechanism that allows smart contracts on HyperEVM to send operational instructions to HyperCore during block execution. It supports various operations typically initiated by external accounts (EOA), such as staking and placing orders, but does not possess the capability to "mint tokens, transfer user funds without signatures, randomly crash validators, or act with impunity."

This claim stems from a fundamental misunderstanding of how HyperCore interacts with HyperEVM.

Claim: The chain can be frozen through governance, and there is no revocation mechanism

Misinterpretation:

The chain will temporarily halt block production during network upgrades. The absence of a revocation mechanism is because validators adopted a new binary version at that height. This is entirely consistent with how other networks execute hard forks through social consensus in future heights.

The suspicious activities of POPCAT in November 2025 did not lead to an L1 freeze, nor were any user funds frozen. L1 operated normally during that period, and any observer could see the blocks produced at that time.

After the incident, the Arbitrum cross-chain bridge was automatically locked due to abnormal fluctuations in account balances. As mentioned earlier, the Arbitrum cross-chain bridge is less secure than the natively minted USDC, hence multiple conservative automatic locking mechanisms are in place for protection. This locking mechanism has been audited and is open-source, and as the transition to native USDC progresses, the cross-chain bridge will be gradually phased out.

Claim: A single private key can instantly set any oracle price, with no time lock or restrictions

Misinterpretation:

The author likely confused the HIP-3 oracle update logic with the perpetual contracts run by validators. The HIP-3 oracle updates are indeed set by a single address, but this depends on how the deployer configures it; this update address is not necessarily an EOA. For example, the current HIP-3 deployer uses a combination of MPC and CoreWriter architecture.

For perpetual contracts run by validators, multiple validators can submit oracle price updates, and the final price is based on a weighted median from several major centralized exchanges.

The system does not have explicit time locks or restrictions because these restrictions would reduce rather than enhance system security. The events of October 10 indicate that if ADL cannot be triggered timely and accurately during high volatility, it poses a threat to system solvency.

During that period, Hyperliquid was one of the few platforms that did not experience performance degradation or network interruptions. If protocols like Mango Markets, which have oracle rate limits, had operated during the 10/10 period, they likely would have incurred bad debts. Further decentralization will include independently running open-source oracle update programs by other validators.

Claim: Eight undisclosed addresses control all transaction submissions

Incorrect:

Some transactions are already submitted directly by validators. Others (such as order placements) have not yet been processed this way to minimize MEV, but future upgrades will extend this logic to all transactions through a mechanism that possesses both anti-MEV and anti-censorship capabilities.

The cautious consideration of MEV stems from feedback provided by traders and researchers based on predatory behaviors observed on other chains. There is almost unanimous consensus that toxic transaction ordering significantly harms the end-user experience.

Ultimately, the set of validators is permissionless, and there is no guarantee that the validators in the mainnet will always be fully aligned with the ecosystem. Addressing this issue (including a multi-proposer block building mechanism) will be an important milestone in the decentralization process.

Claim: There is a hidden lending protocol with deposits exceeding $1 million, yet no documentation

Incorrect:

The combination of margin, lending functions, and the deposit value of HLP has been publicly announced and is currently in the pre-alpha launch phase. Relevant documentation can be found at the following address and has been continuously improved over the past few weeks:

https://hyperliquid.gitbook.io/hyperliquid-docs/trading/portfolio-margin

Claim: ModifyNonCirculatingSupply allows modification of token supply

Incorrect:

The total supply of HIP-1 tokens on HyperCore was fixed at deployment. The so-called "non-circulating supply" is merely an informational field that can optionally mark certain addresses as "non-circulating" for display purposes.

Whether an address is marked as "non-circulating" does not affect any execution logic. This is an example of information that might be better suited for off-chain, but it does not constitute a vulnerability.

We appreciate the author's time spent verifying Hyperliquid's execution logic. The ability to conduct such investigations precisely demonstrates the transparency and degree of decentralization that Hyperliquid has achieved.

Specifically, Hyperliquid is the only major perpetual contract platform where its complete state and every input difference can be transparently accessed by anyone running a node.

Conducting a similar analysis on any other leading perpetual contract DEX is impossible. For example, Lighter uses a single centralized sorter, and its execution logic and ZK circuits are not public; Aster employs centralized matching and even offers dark pool trading, which can only be achieved under a single centralized sorter with unverifiable execution. Other protocols, while having some contracts open-sourced, also lack verifiable sorters.

In exchanges like Binance, Lighter, Aster, or similar, no one can see the complete on-chain state snapshot, including order books, positions, and other user information, apart from the sorter itself. Centralized sorters can also upgrade their software without any constraints.

In contrast, on Hyperliquid, the entire system state is on-chain, meaning that 24 validators execute the same state machine under BFT consensus rules. There is still much work to be done on the path to a higher degree of decentralization, but it is essential to emphasize how far ahead Hyperliquid and its ecosystem are compared to competitors.

Decentralization is a gradual process, and Hyperliquid will eventually be fully open-sourced. Although this will leak some advantages to competitors (who are all closed-source), making it easier for them to replicate Hyperliquid's innovations, Hyperliquid believes this is the right trade-off in balancing community value accumulation, innovation speed, and adherence to DeFi values.

The execution layer of HyperEVM has already been open-sourced, and independent community member Sprites maintains a complete historical archive node, supporting multiple important integrations. HyperCore will also follow the same path once it is fully functional.

Related Links

On-chain address of the former employee:

https://dev.hypurrscan.io/address/0x7ae4c156e542ff63bcb5e34f7808ebc376c41028

Official response regarding team members selling short:

https://discord.com/channels/1029781241702129716/1030197017655394447/1452511033758580828

Technical audit-style article analysis based on reverse engineering:

https://blog.can.ac/2025/12/20/reverse-engineering-hyperliquid/

Official response to misunderstandings about solvency, centralized control, and trust assumptions:

https://x.com/HyperliquidX/status/2003045600657334570