Hot-wallet signer flag

Hyperliquid's assessment for RD-F-030 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Hyperliquid's hot validator set signs withdrawals with online keys by design - hot-wallet usage is structural, not incidental. Cold-wallet set holds administrative override keys. The hot/cold split is the architecture; persistent hot-key signing creates ongoing compromise risk at ~$3.58B Arbitrum Bridge2 TVL (2026-05-07).

Sources #

GitHub
Bridge2.sol constructor — hot/cold validator parametersBridge2.sol sourceretrieved 2026-04-28
URL
Hyperliquid Security: Beyond Orderbooks & Into ArchitectureQuillaudits security analysisretrieved 2026-04-28
URL
https://api.llama.fi/protocol/hyperliquidretrieved 2026-05-06

Methodology #

Determine whether ≥1 multisig signer address exhibits on-chain behavior consistent with a hot wallet (web-wallet signing pattern, no hardware signing indicators).

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-030 score yellow collected_at 2026-04-28 13:58:49