This Monday, Hyperliquid, one of the most prominent decentralized perpetual contract exchange platforms, encountered an unexpected situation regarding its bridge to Arbitrum, one of Ethereum’s largest layer 2 solutions.
The Hyperliquid bridge experienced an emergency shutdown after validators received erroneous data from multiple remote procedure calls (RPCs).
An Unprecedented Outage: Challenges in Data Synchronization
Hyperliquid explained that this incident was due to an extremely rare technical anomaly. One of the project’s pseudonymous developers, iliensinc, stated that a set of RPCs — protocols that connect users and applications to blockchain nodes — provided inconsistent data. This resulted in a loss of synchronization between the state of the Arbitrum blockchain and that of Layer 1, where transactions are verified.
This loss of synchronization automatically triggered an emergency lockdown mechanism, used as a last resort to protect user funds. Hyperliquid clarified that although the outage lasted approximately four hours, no funds were jeopardized.
Enhanced Protection Mechanisms
The Hyperliquid-Arbitrum bridge experienced two locking phases. After the first, which lasted four hours, a second, shorter one occurred about an hour after the bridge reopened. This locking mechanism relies on Hyperliquid’s L1 validators, continuously monitoring the state of the Arbitrum blockchain via several major RPCs. If these validators detect inconsistencies, they can vote for an immediate closure of the bridge to prevent potential security vulnerabilities.
The incident highlighted the robustness of the security protocol implemented by Hyperliquid. Although only two validators are required to vote for bridge closure, all four active validators unanimously decided to temporarily lock the bridge.
A False Positive, but a Necessary Alert
The global lockdown mechanism is cautious, as the loss of user funds is a much worse outcome than occasional downtime.
According to iliensinc, the bridge closure was actually a false positive triggered by inconsistent data from a set of RPCs that provided outdated information. While temporal discrepancies between endpoints are not uncommon on a high-speed network like Arbitrum, it is extremely rare for multiple RPCs to align exactly on these outdated data. This is what triggered the lockdown.
Although the situation turned out to be a false positive, Hyperliquid emphasized that the lockdown mechanism remains an essential measure, as the loss of user funds would be a far more severe scenario than a few hours of downtime. It was the first incident of its kind since the platform’s launch, which boasts nearly $700 million in total locked value.
Corrective Actions and Security Guarantees
To prevent future occurrences of such incidents, Hyperliquid announced that improvements will be made to the monitoring process. The goal is to prevent future false positive triggers without compromising user security. An update to the RPC infrastructure is also being considered to better handle these edge cases.
Despite this interruption, it is important to highlight that all user funds remained secure. Hyperliquid was able to react promptly with the help of the Arbitrum team to identify and resolve the issue.