It’s the holiday season, but crypto doesn’t take any breaks. North Korea has its eye on Hyperliquid, and it turns out decentralization matters after all. We also look at Solana’s Metaplex and an upcoming L2, INTMAX, that Vitalik thinks is the “next great thing.”

Metaplex protocol fees:

Solana token-creation infrastructure protocol Metaplex hit record highs in November 2024. It generated $3.5m in protocol fees, the highest in its history. The surge was fueled by 1.4m newly minted fungible tokens (FTs), a 56% month-over-month increase that marked an all-time high.

Notably, Metaplex — though not consumer-facing — emerged as the fifth most active protocol on Solana, with ~880k unique wallets signing transactions in November (also a record). The spike was driven by memecoin activity, solidifying FTs as Metaplex's flagship product (1.4m FTs vs. 94k NFTs).

December activity is poised to follow closely. $2.1m in fees has already been recorded, powering a record repurchase of 6.8m MPLX tokens. For more details see Recent Research below.

— Macauley Peterson (X: @yeluacaM | Farcaster: @Macauley)

Hyperliquid is centralized

“You either die a hero, or you live long enough to see yourself become the villain.” — Harvey Dent

For Hyperliquid, it took all of 25 days since its highly acclaimed airdrop to run into a bout of controversy.

It started when Taylor Monahan (@tayvano), a security researcher at MetaMask, sounded the alarm on a series of Hyperliquid transactions made from North Korea-tagged wallets. Based on Monahan’s data, the wallets have accrued a $701k loss from ETH perps positions.

It’s a meager amount for a state-sponsored hacker group. But what got people in an uproar was the revelation that North Korea hackers were actively familiarizing themselves with the Hyperliquid platform, presumably to launch an impending hack.

Hyperliquid chain’s highly centralized validator set of four made it extra vulnerable to a potential hack, Monahan claims.

Hyperliquid’s liquidity is locked in a lock-and-mint style bridge from Arbitrum, where Hyperliquid used to exist as a perps DEX application.

When Hyperliquid migrated to its own Tendermint-consensus PoS L1 chain in March 2024, the team retained the lock-and-mint style bridge from Arbitrum, which remains the only way to onboard onto Hyperliquid today.

Based on Dune, the deposit bridge has seen a record high net outflow of $114.7m in USDC liquidity in the past day, though that is still a fraction of the remaining $2.22b in TVL.

Talks of a Hyperliquid hack are merely speculative at this time, but if one happened, here’s a rough sketch of how it would play out.

To successfully attack Hyperliquid’s bridge contract would require three out of its four validators to be compromised, as per a two-thirds quorum.

Should that happen, the natively minted USDC on Arbitrum could theoretically be frozen by Circle before the hackers were able to swap the stolen funds into an uncensorable asset like ETH.

That, however, requires Circle to act on issued court orders, a tedious and slow legal process that may offer the time sophisticated hackers need to execute an exit.

The hacker may choose to try and swap to USDC.e (Ethereum-native USDC tokens that were bridged to Arbitrum) onto the Ethereum L1.

“The only plausible path that would enable the Arbitrum security council as a line of defense would be if the hackers attempted to withdraw the funds through the canonical bridge, likely after swapping to ETH,” Matt Fiebach at Entropy Advisors told Blockworks.

“In this scenario, the elected Arbitrum Security would need to make the decision of whether effectively blocking this transfer was within their scope of ‘addressing critical risks associated with the Arbitrum protocol and its ecosystem’.”

Finally, it’s also worth noting that a hacker would have trouble finding the necessary liquidity venues to swap out of the stolen funds. $2 billion of liquidity would have to be spread across a variety of third-party bridges, which would cause massive slippages.

— Donovan Choy (X: @donovanchoy | Farcaster: @donovan)

INTMAX ‘privacy mining’

INTMAX is a stateless layer-2 solution built on Ethereum that combines zk proof tech, privacy and scalability in a payments-focused network. The result, the team says, is so efficient it can outscale centralized servers while keeping your balances and activity private.

Key to these claims is the eventual implementation of client-side transaction processing and ultra-low gas costs.

Vitalik Buterin called it “the next great thing” in a presentation earlier this year centered on reviving ideas from plasma-based architectures.

While these features are at the testnet stage, INTMAX is incentivizing advance participation with what it calls privacy mining, a degen-friendly way to earn rewards while bolstering network anonymity.

This isn’t your typical airdrop or gimmicky point system. Rewards are automatic and tied directly to your activity. Here’s the play: Simply deposit funds into the network and withdraw them later. That’s it.

You have to be comfortable with running a CLI, but the process appears straightforward. Bear in mind, earned ITX tokens will be non-transferrable until an unspecified future date.

— Macauley Peterson

Metaplex sees record revenue while MPLX lags

Despite the Metaplex token (MPLX) dropping 37% year to date, the protocol reported a record $3.5m in November fees, with December already tracking as its second-best month. Notably, 50% of fees repurchase MPLX, leading to a record 6.8m tokens bought back in November.

Trading at a P/E of ~7.2x — the lowest since March 2024 — Metaplex appears undervalued in comparison to financial benchmarks such as the S&P 500’s (30x P/E), let alone crypto’s often triple-digit multiples.

Upcoming catalysts like Aura and Eclipse could further boost 2025 performance.

For a detailed breakdown, check out Marc-Thomas Arjoon’s flashnote: Metaplex criminally undervalued.

• ZKsync-based derivatives platform GRVT launched its Mainnet Alpha Friday, becoming the first regulated hybrid DEX/CEX with self-custodial features. Key highlights include $15m first-hour trading volume, 30,000 KYC-verified users, a $4.2b institutional commitment and gas-free cross-chain transfers.

• Tim Kravchunovsky, CEO of Chirp, attributes crypto market turmoil to Fed hawkishness and US debt ceiling fears, but sees a potential Santa rally. In a comment to Blockworks, he said he views volatility as a trading opportunity. “For us, in the crypto industry, this selloff shouldn’t be seen as anything other than a natural part of the bull cycle.”