What Survives a Hack

In April 2026, two of the largest DeFi exploits of the year landed within three weeks of each other. Drift, the Solana-based perpetuals exchange, lost roughly $200 million on April 1 to a six-month social engineering operation. Kelp DAO, an Ethereum restaking protocol, lost $292 million on April 19 when an attacker tricked LayerZero's cross-chain bridge into releasing rsETH from its vault. Both attacks were attributed to Lazarus Group.

Neither attack was a smart contract exploit. Drift's audited code was untouched. Kelp's contracts were untouched. LayerZero's protocol was untouched. The attackers walked around the audited surface and hit something else.

The cleanest summary came from a security researcher dissecting the Kelp incident: the $293 million bug was not in the code. The same line could be written about Drift.

This forces a question that the term non-custodial tends to paper over. If both attacks happened on systems users were told were trustless — non-custodial, on-chain, audited — then what actually survives a hack? The answer depends on what you are doing, not on the label the protocol wears.

The Question Is Not "Is It Safe"

Asking whether HyperCore is safe compresses too many distinct activities into one yes-or-no. Holding USDC, holding an open perpetual position, staking HYPE, depositing into HLP, and depositing into a user-led vault are five different relationships with five different risk profiles.

A trader who is told that HyperCore is safe without further detail will assume the same level of protection covers all five. That is exactly the assumption that gets people hurt when an event hits one specific layer. The honest answer is a matrix.

The Matrix

USDC sitting in your HyperCore account, no positions open. The asset is an L1 balance controlled by your private key. The custody surface is your key, your device, and the consensus layer. Hyperliquid runs HyperBFT with 21 validators, up from 16 at launch, all KYC and KYB vetted, with a Foundation Delegation Program working to widen geographic distribution. The remaining external exposure is the Arbitrum USDC bridge — the same bridge that received a one-million-dollar bug bounty payout in 2024 for a vulnerability disclosed by a white-hat. Native USDC and CCTP v2 have been linked between HyperCore and HyperEVM since December 2025. The Arbitrum bridge is being deprecated but operates in parallel during the transition. Your money is approximately as safe as the slowest moving piece in that chain.

An open long or short. The asset is now collateralized margin. The protective surface includes the matching engine, the liquidation engine, the oracle, and — as JELLY demonstrated in March 2025 — the operator's willingness to intervene. JELLY was not a contract hack. It was market structure manipulation: a trader cornered HLP into a short position, pumped the spot price, and pushed unrealized losses to $13.5 million on a path toward wiping the entire $230 million vault. Hyperliquid forcibly delisted the token and force-closed positions. The vault survived. The decentralization narrative did not. Holding an open position is accepting that there is a hand on the kill switch and that hand has been used before.

HYPE staked. Delegations carry a one-day unbond plus a seven-day queue, totaling roughly eight days to liquidity. There is currently no automatic slashing. Validators can be jailed for poor performance, which halts rewards but does not cut principal. This is unusually generous on the downside protection axis and unusually weak on the malicious behavior deterrent axis. If a validator double-signs, the recourse path runs through the foundation, not through code. Staked principal is safe in the typical case. The latent risk is trust in the foundation's discretion.

HLP deposit. This is where category confusion does the most damage. HLP appears next to staking in many user interfaces, but it is not a yield product. It is a market making vault in which depositors take active risk on the protocol's market making book. The JELLY incident is the proof. The vault came within a single price tick of being wiped because of a coordinated attack on the market structure. The asset never left HyperCore's custody and no contract was hacked, but $230 million was nearly gone. The L1 native primitive nature of HLP eliminates an entire class of risks that broke Kelp — there is no separate ERC-20, no cross-chain bridge, no DVN configuration to misconfigure — but it does not eliminate market risk. Calling it yield obscures what depositors are actually doing.

A user vault deposit. Anyone can spin up a vault on HyperCore. The vault leader trades; depositors share in profits and losses. The custody surface here is the leader's private key and the leader's judgment. That is a smaller technical surface than a smart contract vault but a larger trust surface. It is closer in shape to depositing with a centralized fund manager than to anything most users associate with DeFi.

What Drift and Kelp Actually Took

Map the two attacks back onto this matrix. Drift's social engineering targeted developers integrating with the protocol — the path was a custom code integration that does not exist on HyperCore, where market creation is a standardized L1 primitive without bespoke per-market code. Kelp's bridge exploit hinged on choosing a single-verifier DVN configuration on a cross-chain messaging layer, in a vault implemented as a separate ERC-20 across multiple chains. HyperCore vaults are L1 native primitives with no cross-chain bridge per vault and no verifier configuration choice to make.

Three of the most exploited attack patterns on EVM DeFi this year — custom integration code, cross-chain DVN setup, smart contract vault separability — do not have a footprint on HyperCore. That is not because Hyperliquid is more secure as a brand. It is because the architecture has fewer building blocks for an attacker to chain together.

The Trade-off Is Real

The same property that closes those attack surfaces opens another. A protocol with one matching engine and one validator set under one foundation can intervene to stop a runaway loss. JELLY proved it can. That intervention saved $230 million. It also showed that decentralized needs an asterisk on this venue.

Whether that trade-off is acceptable depends on what a trader is doing. For a derivatives trader whose alternative is a centralized exchange that can also halt trading, freeze withdrawals, and drop tokens at its discretion, HyperCore offers most of the same operator powers with on-chain settlement and self-custodied collateral. For a sovereignty maximalist holding rsETH because it is censorship resistant, the calculus is different.

The mature reading is that surface area minimization and operator discretion are not the same axis as trustless versus trusted. They form a different trade-off, and HyperCore sits at a specific point on it. Pretending otherwise — selling HyperCore as fully decentralized or fully trustless — is a marketing position, not an honest one.

Where Blackboard Sits

Blackboard is a wrapper. The trading happens on HyperCore. The settlement happens on HyperCore. Your collateral is your L1 balance, controlled by your key. What we operate is the interface, the session key issuance, and the builder code routing. That is a small surface by design.

If our front-end is compromised tomorrow, an attacker can submit unauthorized orders against your session key — and the session key has no withdrawal authority. Your principal stays where it was, on HyperCore, controlled by your wallet. The blast radius of compromising us is bounded by what the session key can do, which is trade. We do not custody. We do not bridge. We do not hold a vault.

The lesson from Drift and Kelp is not that non-custodial wins. Both protocols were non-custodial. The lesson is that what wins is the protocol that minimizes how many things have to be defended. Less to attack, less to lose.