Over 1200 addresses on Hyperliquid, a decentralized perpetual futures exchange, were reportedly compromised in a phishing attack within a 60-day period, as reported on June 6, 2025. The attack involved a single signature that upgraded Externally Owned Accounts (EOAs) to a 1-of-1 multisig, granting the attacker full control. This was not a hack of Hyperliquid’s platform but a phishing scheme targeting users who signed malicious transactions, likely through deceptive websites or dApps.

A list of compromised addresses was shared by @lukecannon727 on X, who urged affected users to provide details of any HyperEVM apps or websites they interacted with to identify the attack source. The list is accessible via a link shared in posts on X, but I cannot directly provide or access the spreadsheet due to platform limitations. Users were advised to check if their address is on the list and to avoid signing unverified or non-human-readable transactions. Hyperliquid confirmed no platform exploit occurred, and user funds remained secure if not directly compromised by the phishing attack.

The phishing attack compromising over 1200 addresses on Hyperliquid in June 2025 exposed critical implications for users and highlighted a stark divide in security practices within the DeFi ecosystem. Below, I outline the implications for Hyperliquid users and the broader divide in security practices, drawing on the incident’s context and general cybersecurity insights. The attack involved a malicious signature that upgraded Externally Owned Accounts (EOAs) to a 1-of-1 multisig, granting attackers full control.

Affected users likely lost access to funds, with potential losses in the millions, given Hyperliquid’s high-leverage trading environment. Posts on X suggest attackers exploited the platform’s infrastructure, amplifying financial damage. Recovery is challenging, as DeFi platforms often lack centralized recourse mechanisms. Users who signed phishing transactions may have no way to reclaim stolen assets, underscoring the high-stakes nature of DeFi interactions.

The incident damaged Hyperliquid’s reputation as a secure decentralized exchange. Sentiment on X, such as @GracyBitget’s comparison to FTX, reflects user skepticism about the platform’s integrity. Trust erosion could lead to reduced user activity and liquidity, impacting Hyperliquid’s HYPE token value, which reportedly dropped post-incident due to security concerns. Compromised addresses expose users to follow-on attacks, such as targeted spear-phishing or ransomware, as attackers may have harvested sensitive data (e.g., private keys).

Users who reused credentials across platforms face heightened risks of cross-platform exploitation, a common issue in phishing aftermaths. Phishing exploits human psychology, creating fear and urgency to trick users into signing malicious transactions. Affected users may become wary of DeFi platforms, reducing adoption or engagement. The incident underscores the need for user education, as many fell for deceptive dApps or websites, indicating low awareness of phishing tactics.

The Hyperliquid phishing attack reveals a significant divide in security practices between vigilant and vulnerable users, as well as between DeFi platforms and traditional financial systems. This divide manifests in several ways: Some users employ robust security practices, such as verifying transaction details, using hardware wallets, and avoiding untrusted links. These users are less likely to fall for phishing scams, as they recognize red flags like misspelled URLs or urgent requests.

Many Hyperliquid victims likely lacked cybersecurity knowledge, signing transactions without scrutiny. Research shows less experienced internet users struggle with novel phishing attacks, a factor evident in this incident. Gen-Zers, for instance, are more susceptible to phishing on platforms with persuasive cues, which may apply to DeFi interfaces.

The gap in cybersecurity literacy creates a two-tiered user base. Educated users mitigate risks, while others remain easy targets, amplifying attack success rates. Regular training and simulated phishing campaigns could bridge this gap but are underutilized in DeFi communities. Leading DeFi platforms invest in smart contract audits, real-time transaction monitoring, and user education to combat phishing. For example, some implement multi-factor authentication (MFA) or warn users about risky transactions.

Hyperliquid’s reliance on four validators raises centralization concerns, potentially weakening its resilience to attacks. The lack of transparent security protocols or proactive anti-phishing tools may have exacerbated the incident’s impact. Platforms with centralized control or minimal security investment lag behind those prioritizing decentralized, audited systems. Hyperliquid’s closed-source operations contrast with fully decentralized platforms, highlighting a security maturity gap.

Banks and financial institutions use layered security (e.g., MFA, email filtering, fraud detection) and offer recourse for fraud victims. Regulatory compliance ensures accountability, reducing phishing success rates. DeFi’s decentralized nature shifts responsibility to users, who must secure private keys and verify transactions. Phishing attacks exploit this, as seen in Hyperliquid, where users signed malicious contracts without platform intervention.

DeFi’s user-centric security model contrasts with traditional finance’s institutional safeguards, creating a higher risk environment. Bridging this requires DeFi platforms to adopt hybrid security models, like real-time alerts or insurance protocols, which Hyperliquid lacked. Some DeFi platforms and users quickly report phishing attempts, share compromised address lists (as @lukecannon727 did), and collaborate to trace attack vectors.

Hyperliquid’s response was criticized as inadequate, with comparisons to FTX’s mismanagement. Users who fail to report or change compromised credentials prolong their exposure. Proactive incident response minimizes damage, while delayed or absent action exacerbates losses. The Hyperliquid case highlights the need for standardized DeFi incident response plans, akin to traditional cybersecurity frameworks.

The Hyperliquid attack underscores phishing’s enduring threat in DeFi, where social engineering exploits human fallibility. Unlike traditional hacks, phishing requires no technical breach, making it low-cost and high-impact for attackers. The divide in security practices reflects broader challenges in DeFi’s maturation, where innovation outpaces security adoption. Adopt MFA, hardware wallets, and transaction verification habits. Participate in security awareness training to recognize phishing cues (e.g., urgent requests, unfamiliar domains). Check platforms’ security audits and validator distribution before engaging.

For Hyperliquid and DeFi Platforms

Implement real-time monitoring and anti-phishing alerts to flag suspicious transactions. Conduct regular smart contract audits and decentralize validator control to reduce single points of failure. Educate users through in-platform prompts and simulated phishing drills. Develop industry standards for incident response and user protection, balancing decentralization with safety.

Foster collaboration between platforms, regulators, and cybersecurity experts to combat state-sponsored or sophisticated phishing campaigns. The Hyperliquid incident is a wake-up call for DeFi’s security divide. Closing this gap requires collective action to empower users, strengthen platforms, and align DeFi’s security with its decentralized ethos.

Sebastian Siemiatkowski, the CEO of Swedish fintech company Klarna, has warned that the rise of artificial intelligence could spark a recession, as white-collar workers are increasingly displaced by new technologies.

“There will be an implication for white-collar jobs,” Siemiatkowski said during an episode of The Times Tech podcast. “And that usually leads to at least a recession in the short term. Unfortunately, I don’t see how we could avoid that with what’s happening from a technology perspective.”

While many voices in the AI industry and beyond have raised concern over the looming threat to professional jobs, Siemiatkowski’s warning stands out as one of the first from a major tech executive to explicitly link that displacement to the possibility of a recession. His comments are a stark shift from the more optimistic narratives often pushed by tech firms, who prefer to frame AI adoption as a tool for unlocking human potential rather than eliminating it.

At Klarna, the transformation is already well underway. The company has downsized from about 5,500 employees to 3,000 in just two years, a contraction that Siemiatkowski attributes directly to efficiency gains powered by AI.

Klarna has been one of the most aggressive adopters of artificial intelligence among consumer-facing financial firms. In February 2024, the company announced that its AI assistant, developed using OpenAI technology, was handling tasks previously managed by 700 customer service agents.

By late 2023, Klarna had also imposed a hiring freeze, and Siemiatkowski declared in a Bloomberg interview that AI was already capable of performing “all of the jobs” humans do. But earlier this year, the CEO appeared to backtrack slightly, admitting during a gathering at Klarna’s Stockholm headquarters that the automation push may have gone too far.

“From a brand perspective, a company perspective, I just think it’s so critical that you are clear to your customer that there will always be a human if you want,” he said, suggesting the company would return to modest hiring.

While Siemiatkowski’s remarks have added urgency to the debate, he is not the only high-profile figure warning of AI’s disruptive potential on white-collar labor.

Dario Amodei, CEO of leading AI lab Anthropic, has been even more blunt. In a statement earlier this year, Amodei projected that artificial intelligence could eliminate up to 50% of entry-level white-collar jobs within the next five years.

“We, as the producers of this technology, have a duty and an obligation to be honest about what is coming,” he said.

Anthropic’s Chief Product Officer, Mike Krieger, also cautioned that entry-level roles — particularly in engineering — are becoming increasingly difficult to justify. According to him, firms are shifting towards experienced hires who can work alongside AI tools rather than compete with them.

“You want people who know how to delegate work to machines and evaluate the output critically,” Krieger said, adding that future job functions may center more on overseeing and refining what AI systems produce.

While labor disruptions caused by technology have historically taken time to ripple through economies, the scale and pace of AI’s advancement — coupled with its focus on office-based, knowledge-heavy roles — introduces new risks that haven’t been fully mapped out. The risks now have gone beyond displacement to contemplate a broader economic fallout, recession, according to Siemiatkowski’s warning.

Many white-collar professions, once considered protected from automation, are now increasingly vulnerable. Analysts, paralegals, marketing specialists, journalists, junior engineers, and customer support agents are among those already seeing job descriptions rewritten or roles made redundant.

Klarna’s case shows how quickly the shift can occur. With fewer staff and higher productivity per employee, companies are becoming leaner — but also potentially triggering a domino effect on consumer spending, household income, and job creation, especially in economies heavily reliant on service-sector employment.

“I don’t want to be one of those CEOs who downplay the consequences of AI,” Siemiatkowski said. “I want to be honest, I want to be fair, and I want to tell what I see so that society can start taking preparations.”

Whether policymakers, businesses, or workers are prepared to deal with the structural transformation that AI is already bringing remains an open question. But if Siemiatkowski is right, the economic implications may arrive sooner and hit harder than many had anticipated.