March 30, 2026 - EX-10.25 - 10-K: Annual report [Section 13 and 15(d), not S-K Item 405]

Exhibit 10.25

[Pursuant to Item 601(b)(10)(iv) of Regulation S-K, certain portions of this exhibit have been redacted. The redacted portions

are both not material and the type of information that the registrant treats as private or confidential.]

JOINT VALIDATOR OPERATORS’ AGREEMENT

(For Hyperliquid Active Validator Node)

THIS JOINT VALIDATOR OPERATORS’ AGREEMENT (including all schedules, annexes, and referenced protocols, this “Agreement” or “JVOA”) is being entered into as of October 27, 2025 (the “Execution Date”), nunc pro tunc to June 25, 2025 (the “Effective Date”), by and among HYPERION DEFI, INC. (formerly Eyenovia, Inc.), a Delaware corporation listed on Nasdaq, with its principal place of business located at 23461 South Pointe Drive, Suite 390, Laguna Hills, California 92653 (“Hyperion” or the “Company”), PIER TWO PTY LTD, a proprietary company limited by shares, registered in the State of Queensland, with its principal place of business located at 1/32 Cordelia Street, South Brisbane QLD 4101, Australia (“Pier Two”) and KINETIQ RESEARCH PTE. LTD., a Singapore private company limited by shares, with its principal place of business located at 68 Circular Road #02-01, Singapore 049422 (“Kinetiq Group”).

RECITALS:

WHEREAS, Hyperliquid is a high-throughput Layer-1 blockchain that features a fully on-chain central limit order book for spot and perpetual markets and HyperEVM, an Ethereum-compatible execution environment that inherits security from HyperBFT consensus;

WHEREAS, validator node operations are essential to Hyperliquid’s protocol security, decentralization, and economic integrity and require continuous monitoring and high-availability infrastructure to maintain active status and support network performance;

WHEREAS, Hyperion has established a strategic treasury of HYPE, the native token of the Hyperliquid network, and on or about June 25, 2025, announced the launch of an active, co-branded Hyperliquid validator known as “Kinetiq × Hyperion” (“KxH”), including all associated hardware, software, cryptographic keys, and configurations (the “KxH Node” or the “Node”);

WHEREAS, the Kinetiq Group develops and operates a native liquid-staking protocol for the Hyperliquid blockchain, which includes kHYPE, and the institution-focused iHYPE, together with StakeHub, an autonomous validator-scoring and stake-distribution engine designed to route stake toward high-performing validators and to support secure, auditable staking at scale.

WHEREAS, Pier Two is an institutional, non-custodial staking services and infrastructure provider of enterprise-grade validator hosting and technical operations utilizing hybrid cloud and bare-metal deployments with zonal redundancy and related uptime, monitoring, and security/availability practices, and maintains ISO/IEC 27001:2022 and SOC 2 (Type I & Type II) compliance for its validator infrastructure;

WHEREAS, Hyperion, the Kinetiq Group and Pier Two (each, a “Party,” and collectively, the “Parties”) intend to jointly operate the KxH Node by combining their complementary capabilities, including, Hyperion’s provisioning and management of staking capital from its HYPE treasury and public and public-company governance; Kinetiq Group’s validator-operations support, its liquid staking protocol engineering, smart-contract infrastructure, and stake-routing

tooling; and Pier Two’s validator hosting, site-reliability engineering, and security/availability practices, to promote reliable, secure, and performant Node operations on the Hyperliquid network;

WHEREAS, the Parties intend that this joint operators’ arrangement will preserve security, regulatory compliance, market credibility, and operational efficiency of the KxH Node, including by pairing token-holder liquidity and validator diversification enabled by Kinetiq Group’s liquid-staking protocol with Hyperion’s staked HYPE management knowledge and public-company reporting and governance protocol, and Pier Two’s continuously monitored, enterprise-grade infrastructure;

WHEREAS, the Parties further expect that their governance- and service-level-agreement (SLA)-driven operating framework will be robust during periods of market volatility, regulatory examination, and network upgrades, through clearly defined roles and responsibilities, performance objectives and monitoring, incident-response procedures, and accountability for any Slashing or penalties, as further set forth herein;

WHEREAS, in connection with the KxH Node and any additional Hyperliquid validator nodes the Parties may mutually designate, the Parties’ operational framework will include incident-response procedures and Slashing and penalty accountability, in each case aligned with a risk-managed security posture consistent with institutional best practices;

WHEREAS, the Parties’ legal and governance framework will include confidentiality and data-protection standards, appropriate insurance and indemnity undertakings, and governance, dispute-resolution, and termination mechanisms, together with regulatory and legal compliance commitments in the United States, Australia, Singapore and any other applicable jurisdictions; and

WHEREAS, the Parties desire to formalize their collaboration as joint operators of the KxH Node, including their respective responsibilities, reporting, performance metrics, monitoring, service-level expectations, appropriate remedies, risk-management practices, regulatory-compliance commitments, and the allocation of validator commissions and staking rewards generated by the Node on the terms and subject to the conditions set forth in this Agreement.

NOW THEREFORE, in consideration of the premises and of the mutual covenants and agreements herein contained, and intending to be legally bound, the Parties hereby agree as follows:

Section 1Recitals; Incorporation by Reference.

(a)The recitals set forth above (the “Recitals”) are hereby incorporated into, and made a part of, this Agreement as if fully set forth herein and may be used to construe the intent, context, scope, and subject matter of the Parties’ obligations under this Agreement.

(b)Each Party acknowledges and agrees that, as of the Effective Date, the factual statements in the Recitals that relate specifically to such Party (and not to the other Parties) are true and correct in all material respects.

(c)Capitalized terms used in the Recitals and not otherwise defined therein shall have the meanings given to them in Section 2 (Definitions); to the extent not defined in this Agreement, such terms shall be interpreted in their customary industry sense in the context of Hyperliquid validator operations.

(d)In the event of any conflict or inconsistency between the Recitals and the operative provisions of this Agreement, the operative provisions shall control; provided, however, that the Recitals shall continue to inform the interpretation of this Agreement to the maximum extent permitted without creating any independent covenant, obligation, or warranty beyond those expressly set forth in the operative provisions.

Section 2Definitions.

For purposes of this Agreement, the following capitalized terms shall have the meanings set forth below. Capitalized terms used and not otherwise defined herein have the meanings given elsewhere in this Agreement. Unless the context otherwise requires, definitions are applicable to both singular and plural forms.

“Active‑Set Validator” means a validator included in Hyperliquid’s active set of validators, currently the top twenty‑four by stake as of the Execution Date of this Agreement, such that it is eligible to produce and attest blocks in the Hyperliquid consensus protocol.

“Bonded HYPE” as used in this Agreement, refers to HYPE tokens that have been staked to the KxH Node Address and are available to participate in Hyperliquid staking on behalf of the Node. Bonded HYPE is subject to Hyperliquid’s staking rules and remains at risk of Slashing until unbonded in accordance with Hyperliquid’s bonding and unbonding rules.

“Business Day” means any calendar day other than a Saturday, Sunday or a day on which commercial banks in New York City are authorized or required by law to close. All time references herein are to New York local time unless expressly stated otherwise.

“DeFi” (decentralized finance) means the ecosystem of financial applications, products and services built on one or more distributed ledger networks and executed by self‑enforcing smart contracts, enabling peer‑to‑peer lending, borrowing, trading, asset management, payments and other financial activities without reliance on centralized intermediaries.

“Effective Bonded Amount” means, at any point in time, the total of all Bonded HYPE delegated to the KxH Node, including HYPE tokens bonded by third‑party delegators and by the Parties, as recorded and verifiable on the Hyperliquid blockchain explorer or via Hyperliquid’s official network API.

“Force Majeure Event” means an event or circumstance beyond the reasonable control of the affected Party that could not have been anticipated, controlled or avoided by the exercise of prudent business‑continuity and disaster‑recovery planning, and that prevents or materially impairs the performance of that Party’s obligations under this Agreement. Force Majeure Events include, without limitation: (i) acts of God, natural disasters or other major catastrophes; (ii) war, terrorism, civil unrest or insurrection; (iii) governmental or regulatory acts or sanctions; (iv) pandemics or

public health emergencies; (v) labor disputes or other industrial disturbances; (vi) failures or outages of telecommunications networks, power grids, data centers or hosting facilities not caused by the obligated Party; (vii) cyberattacks, hacking, distributed‑denial‑of‑service (DDoS) attacks or other malicious intrusions; and (viii) material changes to the Hyperliquid protocol (such as network‑wide hard forks or consensus upgrades) that the affected Party could not reasonably have anticipated or controlled.

“HYPE” means the native cryptocurrency of the Hyperliquid blockchain, which functions as the network’s governance and utility token. HYPE holders participate in protocol governance, pay gas fees for on‑chain operations and may stake HYPE to earn rewards while contributing to network security. HYPE has a fixed supply and is integral to the operation of Hyperliquid’s trading and staking ecosystem.

“Hyperliquid” means the decentralized perpetual‑futures exchange and DeFi platform built on its own custom Layer‑1 blockchain. Hyperliquid is designed from the ground up for trading, providing the speed of a centralized exchange with the transparency and security of a blockchain. It combines an on‑chain perpetual‑futures and spot trading engine (HyperCore) with an Ethereum‑compatible smart‑contract environment (HyperEVM) and uses a high‑throughput consensus mechanism known as HyperBFT.

“KxH Node” (or “Kinetiq×Hyperion Node” or “Node”) means the co‑branded validator on the Hyperliquid network operated pursuant to this Agreement, including all associated hardware, software, node keys and configurations. Identified at the following address 0xEEEe86F718F9Da3e7250624A460f6EA710E9C006 on the Hyperliquid Layer-1 blockchain.

“Jailing” means the temporary removal or suspension of a validator’s ability to participate in block production, attestation or other active-set duties by the Hyperliquid protocol or its authorized foundation/maintenance processes (including automated protective measures, heartbeat/time-out enforcement, protocol-level safety timeouts, or administrative control actions), where such removal: (i) is automatic or administrative in nature and intended to protect protocol consensus or network health (for example, for missed heartbeats, prolonged connectivity loss, node misconfiguration, or other non-byzantine failures); and (ii) does not by itself reduce or forfeit Bonded HYPE or otherwise constitute a punitive reduction of staked tokens under the protocol’s slashing rules but may result in missed rewards. For the avoidance of doubt, Jailing is distinct from a Slashing event and will only be treated as a Slashing event where the Hyperliquid protocol expressly imposes Slashing in addition to or consequent upon the Jailing action.

“KINETIQ” as used in this Agreement, shall mean the “Kinetiq” liquid staking protocol and/or the stake distribution engine, both individually or collectively, as the context may require, which are owned and operated by affiliates comprising the Kinetiq Group that are parties to this agreement.

“Major Decision” has the meaning set forth in Section 3.8(a).

“Minimum Active Stake” means the smallest amount of staked HYPE required by a Node in order to achieve and maintain status as an Active Set Validator (approximately 2,000,000 bonded HYPE as of the Execution Date of this Agreement). The Minimum Active Stake is a dynamic threshold

amount that is determined pursuant to Hyperliquid’s staking protocol and is subject to change as network conditions evolve.

“Node Address” (or “KxH Address”) means the unique Hyperliquid on‑chain address registered for the KxH Node. The Node Address holds and bonds HYPE, is linked to the Node’s public key for block signing, receives protocol‑level staking rewards (net of commissions) and initiates any unbonding or exit transactions.

“Operator Commission Pool” has the meaning given in Section 5.1(a) and comprises the aggregate staking commissions and other validator‑level payments credited by the Hyperliquid protocol to the Operator Fee Account for the KxH Node.

“Personal Data” means any information relating to an identified or identifiable natural person, as further defined in applicable data‑protection laws.

“Service Credit” (or “Service Credits”) means a monetary or token‑based credit awarded to Hyperion in respect of Pier Two’s failure to meet performance metrics set forth in the Service Level Agreement attached as Schedule A. Service Credits are calculated by applying the percentage penalties specified in Schedule A to the monthly fees or Shared Revenue distributions otherwise payable to Pier Two. Service Credits may be used to offset amounts due to Pier Two or redeemed in HYPE or U.S. Dollars at the conversion rate specified in Schedule A and will expire ninety (90) days after the end of the calendar month in which they were earned unless otherwise agreed.

“Shared Revenue” has the meaning given in Section 5.1(b) and comprises all amounts in the Operator Commission Pool together with any additional incentives, tokens or rewards accruing by virtue of operating the KxH Node, except as otherwise expressly provided.

“Slashing” means any on-chain punitive measure imposed by the Hyperliquid protocol that results in a reduction of Bonded HYPE, forfeiture of stake, or other economic penalty to the KxH Node (and its staked tokens) as a direct result of a protocol-recognized Validator Node or Node fault (for example, double-signing, equivocation, or other misconduct expressly defined by the Hyperliquid protocol as slashable). For the avoidance of doubt, protocol level Jailing is not a Slashing event in itself and does not reduce Bonded HYPE unless the Hyperliquid protocol separately and expressly imposes a slashing penalty.

“Unjailing” means the on-chain and/or off-chain remedial steps required to restore a Jailed Node to active participation under the Hyperliquid protocol rules, which may include root-cause remediation, manual or authorized key-holder action, completion of any protocol-imposed waiting period, and any administrative approvals required under the Key-Management Policy.

“Validator Node” means the technical and operational infrastructure registered on Hyperliquid under a node address and responsible for producing, validating and attesting to blocks pursuant to Hyperliquid’s proof‑of‑stake consensus protocol.

Other Terms. Additional terms may be defined elsewhere in this Agreement. All references to currency or tokens refer to HYPE unless otherwise stated. Terms should be construed according

to their ordinary meaning in the global digital‑asset industry and, where appropriate, by reference to interpretive materials of the U.S. Securities and Exchange Commission.

Section 3. Roles and Responsibilities of Co-Validators.

3.1Purpose and Scope.

This Section 3 sets forth the operating roles and responsibilities of the Parties in relation to the KxH Node (the “Node”) on the Hyperliquid network. Unless otherwise agreed in writing by all Parties, (i) responsibilities are limited to the KxH Node (and any additional Validator Nodes the Parties may later designate under this Agreement), and (ii) no Party shall have custody of another Party’s digital assets except as expressly authorized herein.

3.2Joint Responsibilities.

The Parties shall, acting in good faith and with commercially reasonable efforts:

(a)maintain an operational posture for the Node consistent with protocol rules, network-required participation standards, and industry security best practices;

(b)implement a change-management process for upgrades, parameter changes, and maintenance windows, including advance notice and rollback planning as set forth in Schedule A (SLA);

(c)maintain continuous monitoring and alerting for availability, performance, and security events, and retain operational logs and metrics for at least the period specified in the SLA;

(d)coordinate incident response, including triage, escalation, communication, and post-incident reviews with documented root-cause analysis and corrective actions;

(e)participate in on-chain and off-chain governance matters reasonably related to validator operations, seeking mutual agreement on governance votes that materially affect the Node;

(f)designate and keep current technical and business points of contact for 24×7 escalation; and

(g)keep and provide to one another accurate, non-misleading reports on Node performance and status, consistent with the SLA and any regulatory obligations.

3.3Hyperion Responsibilities.

Without limiting Section 3.2, Hyperion shall:

(a)Stake Provisioning & Network Participation. Provide and manage the staking capital from its HYPE treasury (directly or via an approved custodian), including coordinating increases or adjustments reasonably necessary to maintain active‑set eligibility and

respond to network‑driven changes in the Minimum Active Stake. Hyperion will monitor the Node’s ranking and performance and collaborate with the Kinetiq Group and Pier Two to keep the Node in the top‑24 active validators;

(b)Operations Coordination. Coordinate validator operations with Pier Two, including upgrade planning, parameter changes, and key management procedures, consistent with the key-management policy to be drafted pursuant to Section 3.6 and the provisions of Section 4 of this Agreement;

(c)Validator Operations Support & Infrastructure Coordination. Provide ongoing operations support for the KxH Node and coordinate infrastructure activities. This includes scheduling, planning upgrades, and parameter changes with Pier Two and the Kinetiq Group and ensuring the Node’s configuration aligns with the KINETIQ liquid‑staking protocols. The Kinetiq Group will not unilaterally operate validator hardware or hold node keys; instead, it will work with Pier Two to address technical issues and restore functionality;

(d)Regulatory & Public‑Company Compliance. Satisfy all applicable reporting, audit and disclosure obligations as a U.S. public company, and provide any KYB/AML confirmations or other compliance information reasonably requested by the Kinetiq Group or Pier Two to facilitate Node operations;

(e)Decision Participation. Participate in all Major Decisions (Section 3.8(a)), including approval of client software selection, changes to or effecting the Key‑Management Policy reference in Section 3.6 and/or the provisions of Section 4, and any other material parameter changes to this Agreement, including those contained in the Schedules hereto; and

(f)Non‑Interference & Liaison. Refrain from unilateral actions that could adversely affect the Node except as permitted in this Agreement. Maintain a named liaison to liaise with the Kinetiq Group and Pier Two on operational issues, the Key-Management Policy referenced in Section 3.6 and the provisions of Section 4 of this Agreement, other governance proposals, and emergencies; and remain reasonably available for consultation on all Major Decisions.

3.4Kinetiq Group Responsibilities.

Without limiting Section 3.2, the Kinetiq Group shall:

(a)Smart Contract & Liquid‑Staking Interface. Operate and maintain KINETIQ, the Kinetiq Group’s liquid‑staking interface and smart‑contract infrastructure (including kHYPE, iHYPE and successor products), ensuring the KxH Node’s integration into the Kinetiq ecosystem and communicating any changes through the agreed change‑management process;

(b)StakeHub & Performance Management. Utilize the KINETIQ validator‑scoring and stake‑distribution system (e.g. StakeHub) to support the KxH Node’s performance, visibility and network security. Provide Hyperion and Pier Two with relevant performance metrics and analytics and adjust delegation within StakeHub as appropriate to optimize returns and security, subject to joint approval where material;

(c)Reporting. Deliver periodic reports (not less than monthly, via online dashboard) summarizing staked assets routed to the KxH Node through KINETIQ products, validator health, any material on‑chain program changes, and StakeHub performance metrics;

(d)Operations Support & Infrastructure Coordination. Provide operations support for the KxH Node and coordinate with Hyperion and Pier Two regarding infrastructure activities. Ensuring the Node’s configuration aligns with KINETIQ liquid‑staking protocols. The Kinetiq Group will not unilaterally operate the KxH Node’s validator hardware or hold its node keys; instead, it will work with Hyperion and Pier Two to address technical issues and restore functionality with the KINETIQ products;

(e)Incentive & Program Coordination. Administer any KINETIQ incentive or rewards program associated with liquid staking (such as kPoints); and

(f)No Custody/No Unilateral Control. Refrain from taking custody of Hyperion’s digital assets or exercising unilateral control over the Node’s key material.

3.5Pier Two Responsibilities.

Without limiting Section 3.2, Pier Two shall:

(a)Provisioning & Hosting. Provision, host, and operate the validator infrastructure for the Node (hybrid cloud and/or bare-metal) with appropriate redundancy, failover, and zonal diversity;

(b)Day-to-Day Operations. Perform 24×7 monitoring, alerting, patching, and security updates across hardware, network, and software layers, and apply critical security patches within the target windows set in the SLA;

(c) Security & Key Protection. Implement and maintain enterprise-grade security controls, including DDoS mitigation, access control, and controlled storage/use of validator key material in HSM/MPC or functionally equivalent secure modules, consistent with the Key-Management Policy;

(d)Performance Standards. Meet or exceed the uptime, participation, and latency targets defined in the SLA; promptly investigate and remediate missed signatures or downtime;

(e)Incident Management. Lead technical incident response for infrastructure-related events, promptly notify the other Parties, and deliver incident reports (with root-cause and corrective actions) in accordance with the SLA;

(f)Slashing Safeguards. Maintain Slashing loss safeguards (such as insurance, technical deployments of infrastructure in a way that mitigates Slashing loss, or equivalent risk-transfer/financial protections) appropriate to its role and the SLA;

(g)Compliance Certifications. Maintain the information security certifications and controls represented in the Recitals (e.g., ISO/IEC 27001 and SOC 2) or functional equivalents, and notify the Parties of any material changes thereto;

(h)No Custody/No Unilateral Control. Refrain from taking custody of Hyperion’s digital assets or exercising unilateral control over the Node’s key material; and

(i)Jailing Management. Monitor Jailing alerts regarding the Node in near real time and shall not perform any Unjailing steps without following the incident notification timelines in the SLA and/or notifying Parties as set out in the SLA. Pier Two shall not intentionally cause or accelerate Unjailing of the Node where doing so would risk Slashing.

3.6Key-Management Policy; Separation of Duties.

(a)The Parties shall adopt a written key-management policy (a “KMP”) governing the generation, storage, and use of the Node’s cryptographic keys. Unless otherwise agreed in writing: (i) validator signing occurs within HSM/MPC or substantially equivalent secure modules under strict non-export controls and (ii) any access to key material is logged and retained per the SLA.

(b)The Parties will maintain separation of key management duties so that no single Party can reconfigure signing quorum or make changes that reasonably risk double-signing or prolonged downtime.

3.7Change Management; Maintenance Windows.

The Parties shall follow the change-management process in the SLA, including: (i) scheduled maintenance windows with advance notice; (ii) emergency changes with prompt after-action reporting; and (iii) testing of upgrades in staging where practical before production deployment.

3.8Decision-Making; Major Decisions; Emergency Actions.

(a)Major Decisions. The following matters are Major Decisions requiring mutual written consent of all Parties: (i) migration of the Node to materially different infrastructure or geographic region; (ii) client software family changes or material parameter changes that affect security or performance; (iii) modification of commission rates or reward-sharing applicable to the Node; and (iv) any redelegation or withdrawal of Hyperion stake that would remove the Node from the active set (other than for approved emergency or termination).

(b)Operational Discretion. Subject to the SLA and this Section 3, Pier Two may make ordinary-course operational decisions (e.g., patching, log-level changes, failover between pre-approved sites) and the Kinetiq Group may make ordinary-course routing/tooling decisions (e.g., telemetry dashboards, analytics thresholds), in each case consistent with approved policies.

(c)Emergency Actions. If immediate action is reasonably necessary to prevent double-signing, slashing, or material degradation, Pier Two may take prudent emergency steps

(including temporarily pausing signing or failing over) and shall notify the Parties without undue delay and provide an incident report per the SLA.

3.9Reporting; Transparency.

(a)Operational Reports. Pier Two will deliver periodic operational summaries (e.g., weekly or monthly, as set in the SLA) including uptime, participation, incidents, upgrades applied, and capacity utilization;

(b)Program Reports. the Kinetiq Group will deliver periodic program reports (e.g., monthly) on stake routed via KINETIQ products (to the extent available), validator scoring, and any material program changes;

(c)Incident Notices. Material incidents (availability breach, security event, or potential slashing exposure) must be reported promptly and within the timeframe specified in the SLA; and

(d)Access to Dashboards. Each Party shall have authenticated access to agreed monitoring dashboards presenting near-real-time Node health metrics.

3.10Compliance with Protocol Rules and Law.

Each Party shall operate in compliance with (i) Hyperliquid protocol rules and standards applicable to validators; (ii) applicable laws and regulations (including sanctions, AML, and data-protection laws); and (iii) the Parties’ internal policies that have been disclosed to, and are not inconsistent with obligations to, the other Parties.

3.11Prohibited Actions.

No Party shall (i) intentionally double-sign or run conflicting validator instances; (ii) disable or circumvent monitoring or logging required under the SLA; or (iii) make unilateral changes reasonably likely to cause Slashing or the Node’s removal from the active set.

3.12Delegation; Subcontracting.

No Party may delegate or subcontract material obligations under this Section 3 without the prior written consent of the other Parties, except for (i) use of reputable cloud/data-center providers, DDoS/CDN vendors, and HSM/MPC providers in the ordinary course; and (ii) engagement of auditors or security specialists. Any permitted delegate or subcontractor shall be bound by written obligations at least as protective as those herein, and the engaging Party remains fully responsible for performance.

3.13Service Levels; Remedies.

Operational targets, measurement, reporting, service credits (if any), exclusions, and remedies for missed targets shall be as set forth in Schedule A (SLA). Nothing in the SLA limits any Party’s rights or remedies for gross negligence, willful misconduct, or breach of this

Agreement (including indemnity and insurance obligations to be set forth elsewhere in this Agreement).

3.14Records; Audit Cooperation.

Each Party shall maintain records reasonably sufficient to demonstrate compliance with this Section 3 and the SLA, and shall, upon reasonable prior notice and during normal business hours, cooperate with another Party’s reasonable requests for information or attestations necessary to verify performance or satisfy regulatory obligations, subject to confidentiality and data-protection commitments under this Agreement.

3.15Security, Privacy, and Compliance.

(a)Information Security Program. Each Party shall maintain a written information-security program appropriate to Node operations. Pier Two shall maintain ISO/IEC 27001 and SOC 2 (Type II or functional equivalent) for its validator-hosting environment and notify the Parties of any material change thereto. All Parties shall implement controls aligned with recognized frameworks (e.g., NIST CSF and, for any web apps/dashboards, OWASP guidelines).

(b)Encryption & Access Control. The Parties shall (i) encrypt Node Operational Data and Confidential Information in transit and at rest; (ii) enforce least-privilege access, multi-factor authentication for privileged access, and network segmentation for validator systems; and (iii) maintain vulnerability management and patching processes consistent with Schedule B (Information Security Addendum).

(c)Security Logging & Evidence. Security-relevant logs for validator systems and supporting services shall be retained for at least the period specified in Schedule B and made available to the other Parties for audit/verification under confidentiality. Upon reasonable request, Pier Two will provide executive summaries of third-party assessments and, where applicable, SOC 2 report excerpts or bridge letters.

(d)Data Privacy & Cross-Border Transfers. Each Party shall comply with applicable data-protection laws (including GDPR, CCPA/CPRA, and APPs). Cross-border transfers of Personal Data (if any) processed under this Agreement shall use appropriate legal mechanisms (e.g., SCCs or equivalent). If a Party processes another Party’s Personal Data on its behalf, the Parties shall execute a Data Processing Addendum (attached as Schedule C) and follow its terms.

(e)Use & Minimization; Reporting. The Parties shall use Personal Data (if any) solely for Node operations, apply data-minimization, and avoid combining on-chain data with off-chain identifiers to target natural persons. Off-chain reports shared externally shall, where practicable, use aggregation or pseudonymization to avoid identification of individuals.

(f)Security Incidents. Each Party shall notify the others without undue delay (and, in any event, within the timeframe set in Schedule B) upon confirming a Security Incident affecting the Node, Node Operational Data, or Personal Data, and will cooperate in investigation, mitigation, regulatory notifications, and post-incident review.

Section 4.Cryptographic Key Management & Validator Governance.

4.1Purpose; Model.

This Section establishes the Parties’ governance and control of the cryptographic material, policies, and procedures necessary to operate the Node. The Parties shall transition from a sole-custody model to a multi-party, quorum-based MPC/HSM framework that prevents unilateral control and reduces single-point-of-failure risk. In the event of a conflict between the provisions of this Section 4 and the KMP to be adopted pursuant to Section 3.6, the KMP shall control.

4.2Ownership & Control Principles.

(a)Stake vs. System Control. Hyperion is the economic owner of its staked HYPE and all rights to the ownership of the Node upon the termination of this Agreement; however, after the Transition Period has passed (as provided in Section 4.3), the Node shall become and remain a co-operated validator instance, and no Party shall possess unilateral key signing power during the balance of the Term of this Agreement.

(b)Quorum Rule. Unless otherwise agreed in writing, validator control actions require a 2-of-2 quorum among Hyperion and Pier Two.

(c)Separation of Duties. Operational roles are split so that infrastructure operation (Pier Two), protocol/tooling orchestration (the Kinetiq Group), and stake governance (Hyperion) are interdependent.

4.3 Transition to MPC/HSM; Timeline.

The Parties shall complete the migration from sole-custody to the MPC/HSM model within sixty (60) days of the Execution Date (the “Transition Period”), using a provider mutually agreed in writing. During the Transition Period, continuity and no-Slash operation are paramount; the Parties will stage changes to avoid downtime.

4.4Quorum & Roles.

(a)Default Quorum: 2-of-2 (Pier Two + Hyperion) for control-plane actions.

(b)Emergency Quorum: If needed to prevent double-signing, Slashing, or material compromise, P2 + one of (HYP or KIN) may take temporary emergency actions, with prompt notice and post-incident review.

(c)Major Decisions: Any change to quorum size/weights, any Joint Operator change and any re-keying event shall require unanimous written consent.

4.5Key Generation; Storage; Non-Export.

The Node’s cryptographic key material shall be generated by Hyperion. All use occurs inside HSM/MPC or functionally substantially equivalent secure modules enforcing non-

export controls. Storage, backups, and access controls shall comply with Schedule B and applicable provisions of the KMP to be established pursuant to Section 3.6.

4.6Use Controls; Policy Engine.

All key usage is governed by a policy engine that enforces quorum approvals, role-based access, MFA, geo/IP restrictions, time-bound approvals, and audit logging. Policy edits follow the quorum rules above.

4.7Incidents; Compromise.

Security incidents implicating validator control are handled under Schedule B timelines and applicable provisions of the KMP to be established pursuant to Section 3.6. Confirmed or likely key compromise mandates rotation and any prudent emergency steps to protect the Node; evidence preservation is required.

4.8Audit; Evidence; Reporting.

Each Party shall maintain records sufficient to demonstrate adherence to this Section 4 and Schedule B, and the KMP to be established pursuant to Section 3.6, including policy audit trails, access logs, and incident RCAs, retained for at least five (5) years.

4.9Change of Control; Personnel Changes.

A Party experiencing change of control, key-personnel loss, or access-credential compromise shall notify the others without undue delay and cooperate in any re-authorization or rotation required to maintain quorum security.

4.10Costs; Insurance.

Each Party shall bear all respective expenses and costs of MPC/HSM providers and required audits/penetration tests. Pier Two maintains Slashing loss safeguards per Section 3.5(f); the Kinetiq Group and Hyperion maintain coverage appropriate to their roles.

4.11Precedence.

If a conflict arises, this Section controls governance and allocation of authority; the KMP to be prepared pursuant to Section 3.6 shall control technical procedures; Schedule B controls security controls and breach timelines; and this Agreement controls economics and remedies.

4.12Ethical Conduct and Delegator Communication.

(a)In performing their key‑management and validator‑operations duties, the Parties acknowledge a collective duty to act in the best interests of the Hyperliquid network’s security, the Node’s staking delegators, and the broader ecosystem.

(b)The Parties shall maintain transparency regarding Validator governance and key‑management practices and shall, upon reasonable request from any delegator or stakeholder, provide a concise summary of (i) the Validator governance policies applicable to the Node, (ii) the key‑management protocols in force, and (iii) recent audit findings or high‑level compliance reports, except to the extent that disclosure would reveal Confidential Information, privileged material, or proprietary security details.

(c)Information shared under this Section 4.12 shall omit sensitive operational details, such as specific key‑share locations, private quorum parameters or security configurations, that could compromise the security of the Node or the Parties’ infrastructure.

Section 5.Revenue Sharing; Operator Commission Pool, Allocations and Distributions.

5.1Definitions.

For purposes of this Section 5, the follow capitalized terms shall have the meanings ascribed thereto in this Section 5.1.

(a)Operator Commission Pool shall mean the aggregate of all staking commissions and other validator-level payments credited by the Hyperliquid protocol to the Operator Fee Account for the Node.

(b)Operator Fee Account shall mean the fee account associated with the KxH Node, net of any protocol-level fees or taxes.

(c)Shared Revenue shall mean: (i) all amounts in the Operator Commission Pool; and (ii) any other economic benefits, tokens or rewards that accrue to the Parties by virtue of operating the KxH Node, including without limitation promotional incentive tokens, programmatic rewards (such as the Kinetiq Group’s “kPoints”), MEV tips or block-builder payments, protocol subsidies, airdrops and referral bounties, unless a program or grant explicitly designates those benefits to a specific Party or relates to that Party’s activities unrelated to the KxH Node. The Parties intend that all economic value arising from operation of the KxH Node is shared in accordance with this Section 5, provided that sharing is feasible and does not violate program terms.

5.2Allocation of Shared Revenue.

(a)Base Share. Subject to Section 5.2(b), Shared Revenue will be allocated among the Parties as follows:

(i)Hyperion:50 %

(ii)Kinetiq Group:25 %

(iii)Pier Two:25 %

These percentages reflect the Parties’ agreement, taking into consideration their respective contributions and risk allocation among other factors. For clarity, this base split applies to all Shared Revenue other than the portion subject to a referral override under Section 5.2(b).

(b)Pier Two Referral Override. For commissions or other Shared Revenue attributable to HYPE delegations that are verifiably referred to the KxH Node by Pier Two (the “P2 Referral Commissions”), the allocation shall be:

	(i)	Pier Two:	50 %

	(ii)	Kinetiq Group:	25 %

	(iii)	Hyperion:	25 %

Pier Two’s referral override reflects the Parties’ agreement that Pier Two will undertake specific efforts to introduce delegators to the KxH Node. For the avoidance of doubt, this override applies only to such referral commissions; and all distributions of Shared Revenue earned from all other activities and sources shall follow the basic percentages set forth in Section 5.2(a). Any similar override for delegators referred by another Party, or the procedures for verifying referral sources requires mutual written consent of the Parties.

(c)No Adjustment for Stake Variations. The percentages set forth in Section 5.2(a) and Section 5.2(b) will remain fixed and shall not change due to increases or decreases in the amount of a Party’s Bonded HYPE.

5.3Distribution Mechanics.

(a)If the Hyperliquid protocol permits multiple commission recipients or configurable fee parameters, the Parties shall configure the KxH Node’s settings to pay each Party’s share of Shared Revenue (including any referral override) directly to the Party’s designated wallet. These settings shall not be modified without the prior written consent of all Parties.

(b)On‑Chain Split. If the Hyperliquid protocol permits multiple commission recipients or configurable fee parameters, the KxH Node’s settings will be configured to pay each Party’s share of Shared Revenue directly to its designated wallet; no changes to these settings may be made without all effected Parties’ written consent.

(c)Off-Chain Distribution. Until a direct on-chain split is available, the Operator Fee Account will receive the entire Operator Commission Pool. Hyperion is authorized, on behalf of the Parties, to withdraw from the Operator Fee Account solely to distribute Shared Revenue in accordance with this Section 5. Hyperion shall hold amounts owed to the Kinetiq Group and Pier Two in trust and remit each Party’s share to its designated wallet or bank account within fourteen (14) Business Days after the end of each calendar month (or another mutually agreed-upon interval). Hyperion shall not retain any portion of the Operator Commission Pool beyond its agreed share. Pending distribution, Hyperion shall not use funds held in trust for its own purposes.

(d)Wallet Information and Delivery. Each Party shall provide a valid on-chain wallet address (and, if applicable, off-chain banking details) at least five (5) Business Days before the first distribution. If a Party’s designated wallet is invalid or unreachable for ten (10) Business Days or more, distributions to that Party may be suspended until updated information is provided, and Hyperion shall hold undistributed amounts in trust until disbursed.

(e)Form of Payment; Conversion Costs. Distributions shall be made in HYPE or any successor native token. Each Party is solely responsible for any fees and costs associated with converting HYPE into fiat currency or other assets (including gas fees, exchange fees, wire transfer fees and any applicable taxes), and Hyperion shall have no obligation to gross up distributions to cover such costs.

(f)Taxes and Reporting. Each Party is responsible for its own tax reporting and liabilities arising from Shared Revenue and shall maintain its own records of cost basis and conversions. Hyperion shall provide reasonable information upon request to assist the Kinetiq Group and Pier Two with their tax obligations (such as total tokens earned and fair-market values at the time of distribution). The Parties shall cooperate as necessary to meet regulatory reporting requirements.

5.4Records and Transparency.

(a)Monthly Statements. Hyperion shall maintain complete and accurate records of the Operator Fee Account and all distributions. Within five (5) Business Days following each calendar month, Hyperion shall deliver to the Kinetiq Group and Pier Two a statement detailing: (i) total amounts credited to the Operator Fee Account; (ii) any network-level fees or taxes deducted on-chain; (iii) the resulting net Operator Commission Pool; (iv) the allocation of Shared Revenue (including the amounts subject to the referral override); and (v) the amounts distributed to each Party.

(b)Audit Rights. Each Party may, at its own expense and on reasonable notice, request an accounting or audit of the records relating to Shared Revenue not more than once per calendar year, unless Hyperion’s records reveal a material discrepancy. Hyperion shall grant access to relevant records and cooperate in good faith with such requests.

(c)Dispute Resolution. Any dispute regarding the calculation or distribution of Shared Revenue shall be resolved pursuant to the dispute-resolution procedures in this Agreement. Until a dispute is resolved, undisputed amounts shall continue to be distributed in accordance with this Section 5.

5.5Additional Incentives and Promotional Tokens.

(a)Inclusion in Shared Revenue. If the KxH Node receives any tokens or rewards outside of standard staking yields, such as promotional incentive programs offered by Hyperliquid or KINETIQ, programmatic rewards like kPoints, grants, bonuses from foundations, protocol subsidies, or airdrops, the Parties will treat such benefits as part of Shared Revenue and share them in accordance with Section 5.2, unless (i) the benefits are explicitly designated for a single Party by the awarding entity or (ii) sharing would be infeasible or contrary to the program’s terms. The Parties will confer in good faith to determine an equitable approach to distributing such benefits consistent with the 50/25/25 principle (and any agreed referral overrides).

(b)Notification. Hyperion shall promptly inform the Kinetiq Group and Pier Two of any additional incentives or rewards it becomes aware of that may constitute Shared Revenue, and vice versa. The Parties will cooperate to capture and distribute such value appropriately.

5.6No Waiver of Other Remedies.

The remedies in this Section 5 are in addition to, and do not limit, any other rights or remedies a Party may have under this Agreement, including indemnity claims arising from mismanagement of the Operator Commission Pool or failure to allocate Shared Revenue as required herein.

5.7Expenses and Costs.

(a)General rule. Each Party shall bear all expenses and costs it incurs in performing its obligations under this Agreement, except as expressly deducted from Shared Revenue pursuant to Section 5 or as otherwise provided in the SLA.

(b)Compensation for Kinetiq Group and Pier Two. The twenty‑five percent (25 %) share allocated to the Kinetiq Group and the twenty‑five percent (25 %) share allocated to Pier Two under Section 5.2(a) constitute full compensation to those Parties for all expenses incurred by them respectively that are associated with operating the KxH Node. For the avoidance of doubt, such expenses include, without limitation, (i) in the case of Pier Two, any costs of server hosting, power, bandwidth, data‑center facilities and related infrastructure, and (ii) in the case of the Kinetiq Group, any personnel, software development and maintenance costs for managing the Node and interfacing with KINETIQ staking products. Hyperion’s fifty percent (50 %) share under Section 5.2(a) is therefore a net amount, and Hyperion shall not be charged any additional fees or costs for the Node’s operation except as provided in subsection (c) below.

(c)Third‑Party Costs and Fees. If there arise any third‑party costs or fees directly related to the KxH Node that are not covered by the Kinetiq Group’s or Pier Two’s respective shares, such as validator‑registration fees imposed by the Hyperliquid network or costs for external insurance that the Parties mutually determine to procure (i) such expenses shall not be incurred without Hyperion’s prior written approval, and (ii) if approved, the Parties shall decide whether to deduct the expense from Shared Revenue prior to distribution (in which case each Party will bear the expense in proportion to its revenue share) or to pay the expense out‑of‑pocket in such proportions as the Parties may agree in writing. Unless and until Hyperion approves otherwise, no deduction for third‑party expenses shall be made from Shared Revenue, and the Parties do not anticipate any such deductions.

(d)No Implied Reimbursements. Except as expressly provided in this Agreement, no Party shall be entitled to reimbursement or additional compensation from any other Party for costs or expenses incurred in connection with the KxH Node.

Section 6.Minimum Active Stake and Validator Lifecycle

6.1Initial Stake; Minimum Active Stake.

The Parties acknowledge that, as of the Effective Date, Hyperion bonded 10,000 HYPE to register the KxH Node and an additional approximately 1,500,000 HYPE to attain status as an Active Set Validator (collectively, the “Initial Stake”). The Node’s continued qualification as an Active Set Validator is contingent upon maintaining at least the Minimum Active Stake (as defined in Section 2), a dynamic threshold determined by the Hyperliquid protocol (approximately

2,000,000 Bonded HYPE as of the Execution Date of this Agreement). Maintaining active validator status will typically require attracting sufficient delegated HYPE from third-party token holders (e.g., via the KINETIQ stake-routing protocol or similar mechanisms) in addition to any Bonded HYPE contributed directly by the Parties.

6.2No Obligation to Meet Minimum Active Stake.

Each Party acknowledges and agrees that no Party shall have any obligation to provide additional Bonded HYPE (or any other capital) for the purpose of achieving or maintaining the Node’s Minimum Active Stake. In particular, Hyperion is not obligated to: (i) bond additional HYPE to make up any Shortfall between the Node’s total Bonded HYPE and the Minimum Active Stake; (ii) maintain its Initial Stake (or any portion thereof) at any particular level; or (iii) bond any specific amount of HYPE beyond the ten thousand (10,000) Bonded HYPE required under the Hyperliquid protocol to keep the Node registered. The Parties further agree that the failure of the Node to meet the Minimum Active Stake at any time shall not, in and of itself, constitute a breach of or default under this Agreement by any Party.

6.3Monitoring and Notification.

Hyperion shall continuously monitor the Node’s Bonded HYPE and the prevailing Minimum Active Stake. If at any time the Node’s total Bonded HYPE is, or is reasonably expected soon to become, less than the Minimum Active Stake (such that the Node’s status as an Active Set Validator is at risk or has been lost), Hyperion shall promptly notify the other Parties in writing. Such notice will include relevant information regarding the Node’s staking status (for example, the current Minimum Active Stake value, the Node’s Effective Bonded HYPE (as defined in Section 2) and ranking, and any applicable protocol grace period or epoch changes).

6.4Consultation Period.

Upon delivery of a notice pursuant to Section 6.3, the Parties shall promptly confer in good faith to evaluate potential actions to maintain or restore the Node’s Active Set Validator status. For a period of up to ten (10) Business Days following Hyperion’s notice (the “Consultation Period”), the Parties will consider possible remedial measures, which may include: (i) voluntary contributions of additional Bonded HYPE by one or more Parties; and/or (ii) efforts to secure additional delegated HYPE from third parties. During the Consultation Period, no Party shall be required to bond or contribute any additional HYPE, and any such contributions shall be entirely voluntary. The Parties shall use commercially reasonable efforts during the Consultation Period to minimize disruption to Node operations and to avoid any unnecessary loss of delegations or staking rewards.

6.5Hyperion’s Election to Terminate or Continue Node.

Notwithstanding anything to the contrary in this Agreement (including Section 3.8 and Section 10.2), if the Node remains unable to meet the Minimum Active Stake (or has lost its Active Set Validator status) following the Consultation Period, Hyperion may, in the exercise of its sole and absolute discretion, elect to: (i) terminate this Agreement and cease the operation of the Node, or (ii) terminate this Agreement and continue operating the Node (whether alone or together with one or more new co-operator partners). Hyperion shall give written notice to

the other Parties of its election under this Section 6.5, and any such election shall be effective immediately upon such notice (or on such later effective date as Hyperion may specify) without any further approval or consent required from the other Parties. If Hyperion elects to terminate this agreement and to continue operation of the Node, the Kinetiq Group and Pier Two shall withdraw from the Node operations and shall cooperate in good faith to facilitate the reorganization or transfer of the Node to Hyperion’s new operating arrangement. The Parties acknowledge and agree that Hyperion’s exercise of its rights under this Section 6.5 (including any decision not to contribute additional stake or to terminate the joint operation of the Node) shall not constitute a default or breach of this Agreement by Hyperion, and no Party shall have any claim against Hyperion for such a decision.

6.6Unbonding and Transition.

If Hyperion terminates this Agreement or withdraws from the joint operation pursuant to Section 6.5, the Parties shall cooperate to effect an orderly transition in accordance with this Agreement. Without limiting the generality of the foregoing, such transition shall include: (i) Hyperion (and any other Party) may unbond its staked HYPE from the KxH Node in its sole discretion without any penalty or liability to any Party, and the Kinetiq Group and Pier Two shall not impede such unbonding and shall promptly provide any cryptographic keys, credentials, or permissions necessary to facilitate the unbonding of stake or transfer of Node control; (ii) Pier Two shall continue to operate (or, if so directed by Hyperion, safely deactivate) the KxH Node during any unbonding period, exercising commercially reasonable care and adhering to the Service Level Agreement in Schedule A to avoid any Slashing or other protocol penalties until the Node is fully decommissioned or transitioned; (iii) the Parties shall coordinate the handover of all operational responsibilities, data, and access credentials (including implementing any required key rotations or transfers in accordance with the KMP referenced in Section 3.6) to facilitate either the shutdown of the Node or the seamless continuation of the Node’s operations by Hyperion (alone or with new partners) without material disruption; and (iv) all Parties shall promptly update or remove public references to the KxH Node and to the Parties’ roles as joint operators of the Node, so as to accurately reflect the Node’s new status or the Parties’ separation from the Node, consistent with Section 10.7 (Branding) and Section 11.5 (Publicity).

6.7No Reliance on Voluntary Contributions.

Each Party acknowledges that if any Party (including Hyperion) at any time voluntarily bonded or contributed HYPE to the Node in excess of that which it was obligated to contribute, such contribution was made at that Party’s sole discretion and creates no obligation for any future contributions. No past voluntary contribution of Bonded HYPE by any Party shall be construed to create any expectation or reliance by another Party that similar contributions will be made in the future, nor shall any such voluntary action be deemed to establish any course of dealing that could give rise to an estoppel or otherwise limit any Party’s right to refrain from making additional contributions going forward.

Section 7Risk Management, Slashing and Indemnification.

7.1Acknowledgment of Inherent Risk.

The Parties acknowledge that operating a validator on a proof‑of‑stake network such as Hyperliquid involves inherent risks, including the possibility of Slashing, unplanned downtime, software bugs, network attacks and other forms of loss or liability. The Parties will exercise commercially reasonable best efforts to avoid any incidents, with the understanding that staking HYPE is not without risk to the staked tokens. The Parties therefore agree to exercise a high standard of care and to proactively manage and mitigate risks, consistent with the security and operational practices set forth in this Agreement, Schedule A (SLA) and Schedule B (Information Security Addendum).

7.2Slashing Events and Penalties.

(a)Investigation and Notification. If the Hyperliquid protocol imposes a Slashing penalty on the KxH Node or levies any other validator‑level penalty, or the Node is Jailed, Pier Two shall immediately notify Hyperion and the Kinetiq Group, in accordance with the SLA, of the incident in writing (email or other agreed electronic means). Pier Two shall investigate the root cause without delay and, within twenty‑four (24) hours of the slashing event, deliver an initial written report to the Parties summarizing the known facts, likely cause and magnitude of the penalty. A more detailed incident report containing root‑cause analysis and proposed remediation steps shall be provided within five (5) Business Days.

(b)Compensation for Fault‑Based Slashing. If a Slashing event results in a loss of Hyperion’s staked HYPE or rewards and the cause of such event is determined to be the fraud, gross negligence, willful misconduct or failure to meet material contractual obligations of the Kinetiq Group or Pier Two (or both jointly), then the party (or parties) at fault shall compensate Hyperion for up to one hundred percent (100%) of the lost stake and/or lost rewards attributable to the Slashing incident, subject to the Slashing Liability Limit (“Damages”). The Parties agree that the total aggregate liability of each Party in connection with a Slashing event that results in Damages shall be limited to an amount equal to twenty four (24) times the total fees received by the at-fault Party (or Parties) in the calendar month immediately preceding the date of the incident giving rise to the claim for a Slashing event (the “Slashing Liability Limit”). Damages shall be payable to Hyperion in HYPE (or the U.S. Dollar equivalent on the day of the relevant event, at Hyperion’s option) within five (5) Business Days of the Slashing event or, if insurance proceeds are involved, within two (2) Business Days after payment of the insurance claim. The Parties may agree to apply available insurance or Slashing‑protection funds first, however, ultimate responsibility for the Damages rests with the at‑fault Party or Parties; and if insurance is insufficient, the at-fault Party or Parties shall make up any shortfall, subject to the Slashing Liability Limit.

(c)Shared Responsibility for No‑Fault Slashing. If a Slashing event arises from circumstances beyond the Parties’ reasonable control, such as a protocol‑level bug, network‑wide failure or other incident that does not result from any Party’s negligence, losses shall be allocated in proportion to the Parties’ Shared Revenue shares. In such a “no‑fault” scenario Hyperion would bear fifty percent (50%) of the Slashed amount through reduction of its stake, and the Kinetiq

Group and Pier Two would bear the remaining fifty percent (50 %) through loss of future rewards, in each case, up to the Slashing Liability Limit. The Parties may agree to use insurance or voluntarily apply a portion of the Kinetiq Group’s and Pier Two’s future Shared Revenue to mitigate Hyperion’s loss, but no Party is contractually obligated to do more than share the loss proportionally. Nothing in this subsection limits the Parties’ compensation obligations under Section 7.2(b) where fault is present.

7.3Mitigation and Remediation.

Upon a Slashing incident, the Kinetiq Group and Pier Two shall, as soon as reasonably practicable, take appropriate steps to prevent further penalties. Such actions may include pausing validator operations, applying security patches, migrating stake to a backup validator, or following any guidance from the Hyperliquid core developers. They shall keep Hyperion informed in real time regarding the mitigation steps and any impact on the Node. Hyperion agrees to cooperate as reasonably required, such as assisting with redelegations—but is under no obligation to increase its stake unless mutually agreed. After remediation, the Parties will review the effectiveness of the response and update procedures accordingly.

7.4Resumption or Termination After Slashing.

Following a Slashing event, the Parties will confer in good faith to decide whether to continue to jointly operate the KxH Node. If the cause has been identified and rectified (e.g., a misconfiguration corrected, a bug patched), the Parties may continue operations with additional safeguards. However, Hyperion shall have the right to terminate this Agreement immediately, without penalty, if a significant slashing undermines its confidence in the Node’s operation. Any compensation due under subsection 7.2(b) does not preclude continued operation but is intended to make Hyperion whole for its losses, subject to the greater of the Slashing Liability Limit and any available insurance payout. If the Agreement is terminated due to slashing, post‑termination procedures in Section 10 (or the relevant termination section) will apply, in addition to any compensation obligations under this Section 7.

7.5Liability for Other Losses and Indemnification.

Except for Slashing events covered in Section 7.2, if a Party’s gross negligence, willful misconduct or breach of this Agreement causes direct losses to another Party, the responsible Party shall indemnify, hold harmless and compensate the affected Party for such direct losses limited to an amount equal to twelve (12) times the total fees received by the at-fault Party in the calendar month immediately preceding the date of the incident giving rise to the claim (“General Liability Limit”). For example, if negligence by a Party leads to extended downtime that causes the KxH Node to drop out of the active set and miss substantial rewards, the at-fault Party shall compensate the other Party or Parties for the lost rewards to the extent such losses can be reasonably estimated, up to the General Liability Limit. The Parties agree to mitigate damages where possible and to cooperate in good faith to resolve and compensate such losses in an equitable manner. Except in cases of willful misconduct or negligence, no Party shall be liable to another for indirect, consequential or punitive damages (including speculative trading losses or stock‑price effects).

7.6Insurance and Risk Transfer.

Pier Two shall maintain commercially reasonable insurance coverage for its validator‑operations, including Slashing‑loss insurance (where available and if Slashing is activated on Hyperliquid) and professional indemnity insurance such as errors and omissions (E&O) insurance and cyber‑security insurance. Upon execution of this Agreement and written request from Hyperion, and upon each renewal, Pier Two shall provide Hyperion with certificates or other written evidence of such insurance and shall use reasonable endeavors to obtain endorsements naming Hyperion as an additional insured and/or loss payee where Pier Two holds insurances relevant to this Agreement. The existence of insurance does not relieve Pier Two of its obligations to indemnify and compensate Hyperion under this Section 7; rather, any insurance recovery shall be applied first to meet those obligations. If specialized Slashing insurance is unavailable or commercially unreasonable, the Parties acknowledge that Slashing risk shall be managed solely through the compensation mechanisms or technical Slashing prevention methods described herein. The Parties acknowledge that Slashing has not been implemented on Hyperliquid at the time of entry into this Agreement and that no Slashing insurance is required or available. The Kinetiq Group may, but is not required to, maintain similar insurance for its operational role. All Parties shall review insurance requirements annually and adjust coverage to reflect changes in the Protocol, industry standards or risk profiles.

Section 8Information Rights and Reporting

8.1Operational Reporting.

(a)Regular Updates. Pier Two shall provide Hyperion with regular updates on the Node’s status and performance as required under Section 3.9(a) (Operational Reports), including written reward reports, incident reports and other metrics.

(b)Additional information. Upon Hyperion’s reasonable request, Pier Two shall furnish additional data regarding the Node’s operations or performance metrics to the extent reasonably available without undue burden.

(c)Shared Dashboards. The Parties will continue to maintain shared dashboards or monitoring tools, as described in Section 3.9(d), so Hyperion has near real‑time visibility into the Node’s status, including block‑signing rate and uptime.

8.2Financial Reporting.

(a)Individual Bookkeeping. Each Party shall accurately account for the revenues and expenses associated with this Agreement on its own books.

(b)Cooperation with Hyperion’s Reporting. Kinetiq Group and Pier Two acknowledge that Hyperion is a publicly traded company and must satisfy periodic reporting obligations. They agree to cooperate with Hyperion’s reasonable requests for information necessary to meet such obligations under applicable U.S. securities laws and Nasdaq Stock Market rules, including confirming the amount of rewards earned in a quarter and providing representations regarding Node operations. In the event that the costs for Kinetiq Group and/or Pier Two become unreasonable in assisting Hyperion with its reporting obligations, Hyperion may

elect, in its sole discretion, to cover reasonable direct actual and verifiable costs incurred by Pier Two and/ or Kinetiq Group in complying with requests and audits under Section 8.

(c)Advance Notice and Confidentiality. Hyperion will, where practicable, provide advance written notice if it intends to disclose aspects of this Agreement in public filings beyond what has already been announced. Hyperion will take into account the confidentiality obligations in Section 9 and will seek confidential treatment or omit proprietary details whenever appropriate on the advice of its securities counsel.

8.3Audit Rights.

(a)Scope of Audit. Hyperion (or an auditor appointed by Hyperion, including its external financial auditor) may, upon reasonable written notice and during normal business hours, audit the relevant records of Kinetiq Group and/or Pier Two to verify the amount of Shared Revenue generated and distributed. The auditor’s inspection shall be limited to materials necessary to verify compliance with the economic terms of this Agreement and Hyperliquid’s staking protocol, and shall not extend to proprietary code or unrelated financial information.

(b)Confidentiality. The Parties may require the auditor to execute a nondisclosure agreement reasonably necessary to protect Confidential Information.

(c)Discrepancies. The Parties shall reconcile any discrepancies in good faith. If a Party underpays amounts due by more than one percent (1%), that Party shall promptly remit the underpayment with interest accruing at the prime rate as published in The Wall Street Journal (or similar business daily) from the date payment was due until the date of payment, and in the event of the discrepancy resulting in an underpayment of more than one percent (1%) was caused by the relevant Parties’ fraud, willful misconduct or gross negligence, such Party will reimburse the reasonable audit costs of the other Party or Parties. Any overpayments shall be refunded or credited against future distributions, including accrued interest.

(d)Frequency. No Party may exercise its audit rights more than once per calendar year, unless a material discrepancy or violation is reasonably suspected.

8.4Coordination Meetings.

(a)Monthly Check‑Ins. The Parties will hold coordination calls or meetings on a monthly basis, ordinarily on or before the fifth Business Day of each month, to review the prior month’s SLA performance reports, discuss upcoming Hyperliquid network upgrades or governance proposals and address any other business matters raised by a Party.

(b)Quarterly Executive Reviews. At least one executive‑level review meeting shall occur each calendar quarter between Hyperion and Kinetiq Group, with participation from Pier Two as needed, to evaluate the success of the arrangement, address concerns and plan any adjustments by mutual consent.

(c)Escalation of Unresolved Matters. If Hyperion and Kinetiq Group cannot reach consensus on a matter requiring joint decision, the issue shall be escalated in accordance

with the dispute‑resolution procedures set forth in Section 12.2 (or any successor section) of this Agreement.

Section 9Representations and Warranties.

Each Party represents and warrants to the other Parties, as of the Effective Date, that the following statements are true and accurate and will remain true throughout the Term, unless amended by the Parties in writing.

9.1Authority and Organization.

Each Party is duly organized, validly existing and in good standing under the laws of its jurisdiction of formation and has full power and authority to enter into and perform this Agreement. The individuals signing this Agreement on behalf of each Party have been properly authorized. Execution, delivery and performance of this Agreement do not conflict with or violate any other agreement, charter document or law applicable to that Party.

9.2Ownership of Assets; Equipment.

(a)Hyperion. Hyperion is the sole beneficial owner of the HYPE tokens it will bond to the KxH Node, free and clear of any liens, encumbrances or claims that would prevent their staking, and has the legal right to bond and unbond such tokens as contemplated herein.

(b)Kinetiq Group and Pier Two. Kinetiq Group and Pier Two either own or will procure all equipment, software licenses and other resources necessary to perform their obligations under this Agreement. The use of those resources and performance of obligations under this Agreement will not infringe or misappropriate any intellectual‑property or proprietary rights of any third party.

9.3Legal Compliance and Sanctions.

No Party is subject to any order, sanction or legal restriction that would prevent it from engaging in the activities contemplated by this Agreement. Each Party will ensure that its activities under this Agreement do not violate applicable law, including securities laws, anti‑money‑laundering regulations and sanctions programs. Kinetiq Group and Pier Two each represent that they are not owned or controlled by any person or entity subject to U.S. sanctions and are not located in, or ordinarily resident in, any country subject to comprehensive U.S. sanctions.

9.4Performance; Skill and Care.

(a)Kinetiq Group and Pier Two. Each of Kinetiq Group and Pier Two represents and warrants to the other and to Hyperion that it possesses the knowledge, experience and skill to perform its respective duties in a professional and workmanlike manner and that it maintains the personnel, processes and systems necessary to competently manage its responsibilities for the operation of the KxH Node. Each hereby commits to exercise the standards of care and to the performance of their respective duties and the remedies required of it under this Agreement, including the provisions of Section 3 (Roles and Responsibilities), Section 7 (Risk

Management, Slashing and Indemnification) and the schedules. For its part, Pier Two does not warrant that its services will be uninterrupted or error‑free but commits to the standards and remedies in this Agreement, and in particular, to the standards and remedies that relate specifically to the performance of its responsibilities under Section 3 and Schedule A of this Agreement. In addition, each of Kinetiq Group and Pier Two represents that it has sufficient financial capacity (including through insurance, reserve funds or other means) to satisfy its indemnification and compensation obligations under Section 7, if a Slashing, loss of rewards, or any other loss is incurred by Hyperion as a result of its breach of this Agreement, up to the Slashing Liability Limit and/or the General Liability Limit, as applicable.

(b)Hyperion. Hyperion represents and warrants to Kinetiq Group and Pier Two that it maintains personnel capable of interfacing with Kinetiq Group and Pier Two as required and that it understands the fundamentals of staking so that it can perform its responsibilities under this Agreement.

9.5No Other Representations or Warranties.

The Parties acknowledge that staking returns are variable and subject to known and unknown conditions; and further, that the amount of Minimum Active Stake threshold necessary to achieve and retain the status of the Node as an Active Set Validator is dynamic and depends on network conditions. Accordingly, except as expressly set forth in this Agreement, no Party makes any other representation, warranties, or guarantees to any other Party, express or implied, including but not limited to any representation or warranty of outcome, or profitability of the KxH Node, or that any specific reward rate or range of reward rates is achievable or will be achieved. However, each Party represents and warrants to the other Parties that it will use commercially reasonable efforts to achieve the aforementioned outcomes. For its part, Pier Two does not warrant that its services will be uninterrupted or error‑free, but it commits to the standards and remedies applicable to its services, as set forth its Section 3 and Schedule A hereto.

Section 10Term and Termination

10.1Term.

This Agreement shall remain in force for an initial term of one (1) year beginning on the Effective Date (the “Initial Term”), unless earlier terminated in accordance with this Section. After the Initial Term, the Agreement will automatically renew on an annual basis (each, a “Renewal Term”) unless a Party provides at least ninety (90) days’ written notice of non‑renewal or the Agreement is otherwise terminated pursuant to this Section. The Initial Term and any Renewal Terms are referred to collectively as the “Term.”

10.2Voluntary Termination.

After the Initial Term, any Party may terminate this Agreement for any reason by giving ninety (90) calendar days’ written notice to the other Parties. The notice period is intended by the Parties for the orderly unbonding and shutdown or the migration of the KxH Node to Hyperion if Hyperion elects, in the exercise of its sole and absolute discretion to continue to operate the Node after the termination of this agreement, either alone or jointly with one or more new operators. During the notice period, the terminating Party must continue to fully and diligently

participate in the operation of the Node until the notice period ends, and the terminating Party shall cooperate in the termination or migration of the Node to the continuing operation by Hyperion, if applicable. The terminating Party shall bear any and all network‑imposed unbonding costs and/or liability to the other Parties with respect to any loss of rewards resulting from its voluntary termination of this Agreement; but the terminating Party shall not owe any termination fee to the other Parties

10.3Termination for Cause.

Any Party that is not in breach of its obligations under this agreement (the “Terminating Party”) may elect to terminate this Agreement effective immediately as of the end of the applicable Cure Period following written notice to a Party (the “Defaulting Party”) that has committed a material breach of this Agreement and fails to cure that breach within fifteen (15) calendar days after receiving such written notice from the Terminating Party reasonably describing the breach. Material breaches that have not been timely cured (each, and “Event of Default”) shall include, without limitation:

(i)

Failure by Hyperion to distribute Shared Revenue pursuant to Section 5;

(ii)

Failure by Pier Two to operate the KxH Node in accordance with Section 3.5 (e.g. unjustified prolonged downtime or failure to meet SLA metrics);

(iii)

Fraud, gross negligence or willful misconduct by any Party;

(iv)

Insolvency or commencement of bankruptcy or similar proceedings by any Party;

(v)

Misrepresentation of a material fact under Section 9; or

(vi)

The occurrence of a significant Slashing event or security incident, as described in Section 7.2.5.

If this Agreement is terminated by a Party for cause due to the occurrence of an Event of Default by another Party or Parties, the breaching Party or Parties will remain liable for any proven direct damages resulting from such Event or Events of Default, but not for lost future profits or speculative Damages; and the non-defaulting Terminating Party shall retain all rights to Damages and indemnities provided by this Agreement (including recovery of Slashed tokens or lost rewards), and as otherwise provided by applicable law or equity principals.

10.4Termination for Extended Force Majeure.

If a Force Majeure Event continues for more than thirty (30) consecutive calendar days, and such event materially impairs a Party’s ability to perform its fundamental obligations under this Agreement, any non‑affected Party may terminate this Agreement upon ten (10) Business Days’ written notice to the other Parties, without penalties or liability to the other Parties for such termination.

10.5Effects of Termination.

(a)Unbonding of Stake. Any Party, and specifically Hyperion, may unbond its HYPE from the KxH Node, in the exercise of its sole and absolute discretion and without any penalties or liability to the other Parties. The Kinetiq Group and Pier Two shall not impede

Hyperion’s ability to reclaim its stake and shall provide any keys or permissions necessary for such unbonding. Pier Two shall continue operating or carefully deactivate the KxH Node, as appropriate and in cooperation with Hyperion and shall use commercially reasonable care to avoid any penalties that could be imposed by the Hyperliquid protocol during any unbonding period.

(b)Final Rewards Distribution. Hyperion shall calculate any accrued but undistributed Shared Revenue as of the termination date. Each Party will receive its share of rewards earned up to termination, including rewards paid during an unbonding period. A final accounting and settlement shall occur within thirty (30) days after the KxH Node ceases operation or Hyperion’s stake is fully unbonded, whichever is later.

(c)Separation From or Winding Down the Node. Upon the termination of this Agreement, the Kinetiq Group and Pier Two shall coordinate and cooperate fully with Hyperion to either (i) shut down the KxH Node, or (ii) separate from the operations of the Node if Hyperion elects, in its sole and absolute discretion, to continue operating the Node either alone or jointly with one or more new co-node operators. The termination of this Agreement, and any continuation by Hyperion to operate the Node, shall be subject to the branding provisions set forth in Section 10.7 and the publicity provisions of Section 11.5.

(d)Return or Destruction of Materials. Each Party shall return or destroy the Confidential Information of the other Parties (at the Disclosing Party’s option), subject to the exceptions in Section 11.6. The destroying Party shall provide a written certificate of destruction upon request.

(e)Survival. Sections intended by their nature to survive termination, including Sections 4 (to the extent of final payments), 5.2(b), 5.3 (compensation and liability for incidents pre termination), 7, 9, 12 and the Schedules, shall remain in effect. Accrued payment obligations and indemnities also survive.

10.6Transition Assistance.

If Hyperion elects to migrate its stake to another validator or service provider upon termination or withdrawal under Section 6, the Kinetiq Group and Pier Two shall provide reasonable and prompt cooperation to facilitate the transition. This may include: (i) exporting validator performance data covering at least the prior one hundred eighty (180) days; (ii) delivering a handover report in a mutually agreed form; and (iii) coordinating the timing of unbonding and re-bonding so that Hyperion’s replacement validator can begin operation immediately after unbonding. Unless termination results from Hyperion’s material breach, the Kinetiq Group and Pier Two shall not charge any additional fee for transition assistance.

10.7Branding.

Upon the termination of this Agreement, all Parties shall update their respective public references to the Node after the termination of this Agreement to accurately reflect their respective relationship with or separation from the Node, as applicable.

Section 11.Confidentiality and Publicity.

11.1Confidential Information.

During the Term, the Parties may disclose or receive non‑public information relating to their businesses, technologies, finances or strategies (for example, Hyperion’s treasury plans, KINETIQ protocol roadmap or Pier Two’s security design). All such information that is marked as confidential or that should reasonably be understood as confidential given the nature of the information and the circumstances of disclosure is “Confidential Information.” The terms of this Agreement (including commercial terms and revenue‑sharing arrangements) are Confidential Information of all Parties.

11.2Obligations of Confidentiality.

A Party receiving Confidential Information (the “Receiving Party”) from another Party (the “Disclosing Party”) shall: (a) use the Confidential Information only to perform obligations or exercise rights under this Agreement; (b) not disclose it to any third party except as permitted by this Section; and (c) protect it with at least the same degree of care the Receiving Party uses to protect its own confidential information of similar importance, but no less than a reasonable degree of care. Access may be given only to employees, officers, contractors and advisors who need to know the information to perform under this Agreement and who are bound by confidentiality obligations at least as stringent as those herein. The Receiving Party shall be responsible for any breach of confidentiality by such persons.

11.3Exceptions.

The obligations above do not apply to information that the Receiving Party can demonstrate: (a) is or becomes publicly available through no wrongful act of the Receiving Party; (b) was independently developed by the Receiving Party without use of or reference to the Disclosing Party’s Confidential Information; (c) was rightfully received from a third party not bound by confidentiality; or (d) was already known to the Receiving Party before disclosure, as evidenced by written records.

11.4Permitted Disclosures.

A Receiving Party may disclose Confidential Information if required by law, regulation or court order, provided it gives prompt written notice to the Disclosing Party (unless prohibited by law) and cooperates to seek a protective order or other remedy. If disclosure is required, the Receiving Party shall disclose only the portion legally required and shall seek confidential treatment where available. Hyperion may disclose information about this Agreement in its regulatory filings to the extent required by law, subject to advance notice to the Kinetiq Group and Pier Two and reasonable efforts to obtain confidential treatment for sensitive terms.

11.5Publicity.

No Party shall issue press releases, case studies or marketing communications referencing another Party or this collaboration without prior written consent (email suffices), except for (i) factual listings of the names of the Joint Operators on public explorers, (ii) generic statements (that do not disclose proprietary or financial terms or other Confidential Information, and (iii) as required by the SEC, Nasdaq or other regulatory bodies. After termination of this

Agreement, the Parties shall remove or update all public references to the KxH Node and the Joint Operators, except as provided in Section 10.7 and Section 10.5(c).

11.6Duration and Return of Information.

Confidentiality obligations remain in effect for five (5) years after termination or expiration, except that trade secrets shall be protected indefinitely until they fall under an exception. Upon termination or upon the Disclosing Party’s request, the Receiving Party shall return or destroy the Disclosing Party’s Confidential Information, except that residual copies in backups may be retained subject to the confidentiality obligations, and one copy may be kept solely for legal or regulatory compliance purposes.

Section 12.Miscellaneous

12.1Governing Law; Venue.

This Agreement shall be governed by and construed in accordance with the laws of the State of Delaware, U.S.A., without regard to conflict‑of‑law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply. Subject to Section 12.2, the Parties consent to the exclusive jurisdiction of the state and federal courts located in Delaware for any litigation arising out of or relating to this Agreement and waive any objection based on forum non conveniens.

12.2Dispute Resolution.

The Parties will first attempt in good faith to resolve any dispute under this Agreement through negotiation between senior executives. If unresolved within thirty (30) days of written notice of the dispute, the Parties will attempt mediation through a mutually agreed mediator, with costs shared equally. If the dispute is not resolved within an additional thirty (30) days, or if a Party refuses to participate, each Party may pursue any remedies at law or equity consistent with this Agreement. Notwithstanding this clause, any Party may seek interim injunctive relief or specific performance in any competent jurisdiction to prevent immediate and irreparable harm pending resolution of the dispute.

12.3Assignment and Change of Control.

No Party may assign, delegate or transfer this Agreement, in whole or in part, without the prior written consent of the other Parties, except as provided below. Hyperion, Pier Two, or the Kinetiq Group may assign its rights and obligations to an affiliate or successor upon written notice, provided the assignee has at least equivalent capability and agrees in writing to assume all obligations under this Agreement. The Kinetiq Group may not assign or subcontract its validator‑operations role to a third‑party operator (other than Pier Two, which is already a Party) without Hyperion’s prior written consent, which shall not be unreasonably withheld if the proposed operator has equal or greater capability and agrees to be bound by this Agreement. Any purported assignment in violation of this Section is void. This Agreement shall bind and inure to the benefit of the Parties and their permitted successors and assigns.

12.4Independent Contractors.

The Parties are independent contractors. Nothing in this Agreement creates a partnership, joint venture (despite the informal “co‑validator” terminology), agency or employment relationship. No Party has authority to bind another or incur obligations on its behalf. Each Party is solely responsible for its employees and contractors, including their compensation, benefits and compliance with law.

12.5Entire Agreement.

This Agreement, together with its Schedules and any exhibits, constitutes the entire agreement among the Parties with respect to its subject matter and supersedes all prior or contemporaneous understandings, proposals and communications, whether oral or written. There are no unwritten side agreements or promises relating to the KxH Node or Shared Revenue not contained herein.

12.6Amendment.

Any amendment or modification of this Agreement must be in writing and signed by all Parties (email or electronic signature is sufficient if clearly intended as an amendment). No amendment, waiver or modification of Sections 4 (Key‑Management and Governance), 5.7 (Expenses and Costs) or 7 (Risk Management, Slashing and Indemnification) is effective unless approved in writing by all Parties and, if applicable, entered into the validator’s governance records.

12.7Waiver.

No failure or delay by any Party in exercising a right, power or remedy under this Agreement constitutes a waiver. A waiver must be in writing and signed by the waiving Party. A single or partial exercise of a right does not preclude further exercise of that or any other right.

12.8Severability.

If any provision of this Agreement is held invalid, illegal or unenforceable by a court of competent jurisdiction, that provision shall be modified to the minimum extent necessary to make it enforceable. If modification is not possible, the provision shall be severed, and the remaining provisions shall continue in full force and effect. The Parties will negotiate in good faith to replace any invalid provision with a valid one that most closely reflects the original intent.

12.9Notices.

Notices and other communications required or permitted under this Agreement must be in writing and are deemed properly given: (a) upon receipt when delivered by hand or courier; (b) upon confirmed delivery when sent by certified or registered mail (return receipt requested); or (c) upon acknowledgement of receipt when sent by email, provided a copy is sent by one of the foregoing methods within one (1) Business Day. Notices shall be sent to the contact persons and addresses designated by each Party and may be updated by notice. Email notice is deemed received only upon acknowledgement by the recipient (excluding automated responses), or two (2) Business Days after sending if no acknowledgement is received.

12.10Survival.

Provisions that by their nature or by express terms are intended to survive termination, including but not limited to indemnities, liability provisions, confidentiality obligations, governing law, dispute resolution and accrued payment obligations, shall survive termination or expiration for at least five (5) years or such longer period as required by law or the nature of the obligation. Sections 4 (to the extent of final payments), 5.2(b), 5.3, 7, 9, and 12, and the Schedules survive termination.

12.11Counterparts and Electronic Signatures.

This Agreement may be executed in counterparts, each of which is deemed an original, and all of which together constitute one instrument. Signatures delivered by electronic means (scanned PDF, electronic signature platform, etc.) are binding and enforceable as originals.

12.12Schedules; Incorporation.

The following schedules are attached hereto and incorporated herein by reference, forming an integral part of this Agreement:

Schedule A — Service Level Agreement (SLA)

Schedule B — Information Security Addendum

Schedule C — Data Processing Addendum (if and to the extent required by applicable law)

Schedule D — RACI Matrix (Roles & Responsibilities)

In the event of any conflict or inconsistency between the body of this Agreement and any Schedule, the provisions of the Agreement shall govern, except where the Agreement expressly provides that the Schedule shall control as to its subject matter.

[Signature Page Follows.]

IN WITNESS WHEREOF, the Parties have caused this Agreement to be executed by their duly authorized representatives as of the Effective Date.

HYPERION:
Hyperion DeFi, Inc.
a Delaware corporation

By:
Name:
Title:

PIER TWO:
Pier Two Pty. Ltd.
an Australia proprietary company limited by shares

By:
Name:
Title:

KINETIQ GROUP:
Kinetiq Research Pte. Ltd.
a Singapore private company limited by shares

By:
Name:
Title:

[Signature page to Joint Validator Operators’ Agreement dated October 27, 2025]

Schedule A — Service Level Agreement (SLA) for KxH Node

Version 1.0 — Effective Date: October 27, 2025

THIS SERVICE LEVEL AGREEMENT (this “SLA” or this “Service Agreement”) forms part of the Joint Validator Operators’ Agreement (the “JVOA”) by and among Hyperion DeFi, Inc. (“Hyperion”), Kinetiq Research Pte. Ltd (the “Kinetiq Group”), and Pier Two Pty Ltd (“Pier Two”, and collectively with Hyperion and Pier Two, the “Parties”). This Service Agreement defines the service levels, performance metrics, measurement methods, monitoring, reporting, exclusions, and remedies applicable to the Hyperliquid validator jointly operated by the Parties and known as “Kinetiq × Hyperion” (the “Node”). Capitalized terms not defined in this Addendum have the meanings given in the JVOA.

A‑1.Scope and Hierarchy

This SLA governs operational performance for the Node and any additional Hyperliquid validator nodes the Parties expressly designate under the JVOA. In case of conflict or inconsistency: (i) the JVOA controls over this SLA; (ii) Schedule B (Information Security Addendum) controls over security control details; and (iii) this SLA controls over any operational runbook or dashboard notes.

A‑2.Service Windows, Measurement & Exclusions

A‑2.1Measurement Period: Calendar month (local time of the primary operations region).

A‑2.2Service Hours: 24×7×365.

A‑2.3Planned Maintenance: Up to 4 hours per calendar month per site, scheduled with at least 12 hours’ prior notice and executed within agreed maintenance windows; planned maintenance is excluded from Availability calculations.

A‑2.4Excluded Events: Availability calculations exclude downtime caused by: (a) a Force Majeure Event; (b) protocol‑wide issues or governance‑approved halts/upgrades on the Hyperliquid blockchain; (c) failures of upstream networks, custodians, or exchanges outside a Party’s reasonable control; (d) actions or omissions of another Party that violate the JVOA or the SLA (including unilateral stake withdrawal or redelegation contrary to the JVOA); (e) changes requested or approved by all Parties that inherently require downtime; (f) planned maintenance under A‑2.3; and (g) Jailing or the termination of the Node’s status as an Active-Set Validator that is both (i) initiated by Hyperliquid core protocol mechanisms or the Hyperliquid foundation as a network-protective measure or due to an unannounced Hyperliquid protocol upgrade; and (ii) not caused by the gross negligence or willful misconduct of or the occurrence of an Event of Default by a Party; provided, however, that Jailing events caused by a Party’s gross negligence, or willful misconduct, shall not be excluded and shall be treated as Unscheduled Downtime attributable to such Party.

A‑3.Definitions & Measurement Principles

Availability/Uptime: ((Total Minutes in Period − Excluded Minutes − Unscheduled Downtime) ÷ (Total Minutes in Period − Excluded Minutes)) × 100%.

Unscheduled Downtime A continuous interval ≥ 600 seconds during which the Node fails to perform validator duties for reasons attributable to the responsible Party.

Signing Participation (Block Production/Signing Success): 1 − (Missed Signing Events ÷ Expected Signing Events), as reported by protocol telemetry for the Node.

Operational Acknowledgment Time: Time from critical alert emission to human acknowledgment by the responsible operations engineer.

Alert Dispatch Time: Time from fault detection to alert delivery to the responsible on‑call channel/system.

Critical Patch Window: Maximum elapsed time from public disclosure/availability of a critical security patch for validator client/OS to successful deployment in production.

Security Incident, Personal Data, and other privacy terms have the meanings given in the JVOA and Schedule B thereto.

A‑4.Service Levels & KPIs

Targets are measured per calendar month unless otherwise noted. Remedies are cumulative where applicable, subject to the JVOA.

Metric	Definition / Measurement	Target / Threshold	Measurement Period	Responsible Party	Remedy/ (summary)
Availability / Uptime	As defined in A‑3; excludes events in A‑2.3/A‑2.4.	≥ 99.9% per mo.	Monthly	Pier Two (Ops)	Service credits against Operator Commission; RCA per B‑8; escalating credits at 99.9/99.5/ 99.0/98.0% tiers.
Signing Participation	Node missed‑signing rate per protocol telemetry.	≥ 99.5% per mo.	Monthly	Pier Two (Ops)	Service credits; corrective actions; performance review.
Operational Acknowledge- ment (SEV‑1)	Time from critical alert to human acknowledgment.	≤ 15 mins.	Per Event	Pier Two (Ops)	SLA breach; review at quarterly SLA meeting; additional credits if pattern.
Alert Dispatch Time	Time from fault detection to alert delivery to on‑call channel/system.	≤ 60 sec.	Per Event	Pier Two (Ops) / Kinetiq Group (monitoring)	SLA breach; tooling remediation plan.
Critical Patch Window	Time from disclosure/ availability of critical validator/ OS security patch to production deployment.	≤ 24 hrs.	Per Release	Pier Two (Ops)	Service credits; emergency change per §3.7; audit sample.
Program Reporting (Kinetiq Group)	Monthly summary of stake routed via KINETIQ products (to extent available); validator health trends; material program changes.	100% on-time	Monthly	Kinetiq Group	SLA breach; action items assigned; repeat failures escalate.

Operational Reporting (Pier Two)	Weekly or monthly summaries per the JVOA (uptime, participation, incidents, upgrades).	100% on-time	Weekly/ Monthly	Pier Two (Ops)	SLA breach; action items assigned; repeat failures escalate.
Security Incidents	Confirmed Security Incidents affecting Node/Operational Data/Personal Data (per Schedule B).	Target 0	Per Event	Proximate Party (Lead); Pier Two leads infra incidents	Incident response per B‑8; indemnity/ insurance per the JVOA; credits do not limit other remedies.
Privacy Breaches	Confirmed Personal Data breach under applicable law/DPA.	Target 0	Per Event	Proximate Party (Lead); Kinetiq Group leads app/data incidents	Breach notifications per law/DPA; indemnity per the JVOA; credits do not limit other remedies.
Dashboard Availability	Availability of agreed monitoring dashboards for Parties.	≥ 99.5% per mo.	Monthly	Kinetiq Group (admin) / Pier Two (feed)	Service credits (minor); tooling remediation.
Jail - Detection & Remediation	Time during which the Node is jailed and thereby unable to perform signing/attestation duties shall be treated as Unscheduled Downtime for SLA measurement unless the jailing is a protocol-level protective measure subject to A-2.4(g).	Acknowledge ≤ 5 minutes from telemetry/alert Remediation action initiated ≤ 30 minutes from acknowledgement.	Per event	Pier Two (Ops)	Pier Two: service credits (per A-5) for avoidable Jailing; immediate RCA per B-8 within 24 hours; corrective action plan within 48 hours. Protocol-initiated Jailing (excluded under A-2.4(g)) are not charged unless caused by a Party’s willful misconduct or gross negligence.

A‑5.Remedies & Service Credits

Service Credits apply to the Operator’s validator commission for the applicable month (or, if no commission is payable, to equivalent operational credits agreed by the Parties). Credits are the sole monetary remedy for SLA failures other than Security Incidents, Privacy Breaches, Slashing events attributable to a Party’s fault, gross negligence, willful misconduct, or material breach, all of which remain subject to the JVOA.

A‑5.1 Availability / Uptime Credit Tiers (per month):

Measured Availability	Credit (% of Operator Commission)	Notes
≥ 99.9%	0%	Meets target.
≥ 99.5% and < 99.9%	5%	Requires RCA and corrective actions.
≥ 99.0% and < 99.5%	10%	Management review at SLA meeting.
≥ 98.0% and < 99.0%	25%	Consider standby capacity increases.
< 98.0%	50%	May trigger governance remedies or reallocation.

A‑5.2Signing Participation Shortfall: add 10% credit if < 99.5% for the month (cumulative with A‑5.1).

A‑5.3Repeated SLA Failures: three consecutive months below target triggers a formal remediation plan and may permit additional remedies under the JVOA.

A‑6.Incident Management & Notification (summary)

SEV Classification and timelines are defined in Schedule B. Summary: (i) notify Parties without undue delay and within 2 hours for SEV‑1 Security Incidents or slashing‑threatening events; (ii) provide status updates at least every 4 hours for SEV‑1 until containment; (iii) deliver a written Root‑Cause Analysis within 5 business days of containment (or a preliminary report within 2 business days).

A‑7.Reporting, Reviews & Changes

A‑7.1 Reporting: Monthly SLA report delivered within 5 business days after month‑end; weekly summaries as agreed.

A‑7.2 Quarterly Reviews: The Parties will review SLA performance, action items, and any proposed changes at least quarterly.

A‑7.3 Changes: The Parties may amend this SLA by mutual written consent; thresholds and scopes may be tuned without amending the JVOA.

A‑8.Dependencies & Preconditions

The Parties’ maintenance of sufficient stake, custodian availability, and protocol eligibility are preconditions for certain metrics. Where a metric shortfall is directly attributable to unmet dependencies outside a Party’s reasonable control, the Parties will attribute responsibility accordingly.

Schedule B — Information Security Addendum

Version 1.0 — Effective Date: October 27, 2025

THIS INFORMATION SECURITY ADDENDUM (this “Addendum” or “Schedule B”) forms part of the Joint Validator Operators’ Agreement (the “JVOA”) by and among Hyperion DeFi, Inc. (“Hyperion”), Kinetiq Research Pte. Ltd (the “Kinetiq Group”), and Pier Two Pty Ltd (“Pier Two”) (collectively, the “Parties”). This Addendum specifies the minimum security and data protection requirements applicable the Hyperliquid validator jointly operated by the Parties and known as “Kinetiq × Hyperion” (the “Node”). Capitalized terms not defined in this Addendum have the meanings given in the JVOA.

B-1.Scope; Hierarchy

This Addendum applies to all systems, processes, and data relevant to Node operations. In case of conflict, this Addendum controls with respect to security measures, unless the JVOA explicitly provides otherwise.

B-2.Controls Baseline

Each Party shall maintain an information security program aligned with recognized frameworks, including NIST CSF and ISO/IEC 27001. Pier Two shall maintain ISO/IEC 27001 certification and SOC 2 Type II (or functional equivalent) for validator infrastructure.

B-3.Access Control

Access must follow the principle of least privilege, with multi-factor authentication for all privileged or remote access. Joiner/Mover/Leaver processes must be enforced, and secrets must be stored in secure managers (HSM, KMS, Vault).

B-4.Cryptography & Key Management

Data in transit must be encrypted with TLS 1.2+; at rest with AES-256 (or equivalent). Validator keys must be generated and stored in HSM/MPC systems with non-export policies and dual authorization.

B-5.Network Security

Validator systems must be segmented from general IT networks, protected by firewalls and DDoS mitigation. Monitoring and intrusion detection systems must be deployed on critical segments.

B-6.Patch Management

Critical vulnerabilities (CVSS ≥ 9) must be patched within 24 hours; high (7–8.9) within 7 days; medium (4–6.9) within 30 days; low (≤ 3.9) within 90 days. Testing in staging environments and rollback plans must be maintained.

B-7.Logging & Monitoring

Access logs must be centralized, tamper-evident, and retained for at least 12 months. Monitoring dashboards shall be accessible to all Parties, with near-real-time Node health metrics, and these operational Node logs will be retained for one (1) month.

B-8.Incident Response & Breach Notification

Each Party shall maintain an incident response plan. SEV-1 incidents must be reported within 2 hours of confirmation, with updates every 4 hours until containment, and a root-cause analysis delivered within 5 business days.

B-9.Business Continuity & Disaster Recovery

Disaster recovery plans must ensure an RPO of ≤ 1 hour and RTO of ≤ 4 hours for validator operations. Configuration backups must exclude validator key exports and support failover/failback across distinct sites.

B-10.Vulnerability & Penetration Testing

External and internal vulnerability scans must be conducted monthly. Annual third-party penetration tests are required, with executive summaries and remediation plans shared under NDA.

B-11.Data Protection & Privacy

Personal Data must be minimized and pseudonymized when shared externally. Transfers must use legal mechanisms (e.g., SCCs). If a Party acts as processor, the Data Processing Addendum (Schedule C) governs.

B-12.Third-Party & Vendor Risk

Critical third-party providers (e.g., cloud, data center, HSM/MPC, DDoS/CDN vendors) must provide SOC 2/ISO attestations where feasible. Vendors must be bound to confidentiality and data protection obligations.

B-13.Audit & Evidence

Upon request and under NDA, Parties must provide certificates, SOC 2 summaries, penetration test results, and attestations of compliance.

B-14.Exceptions

Any temporary deviations require written approval of at least two Parties (including the Party bearing the risk), with compensating controls and expiry date defined.

B-15.Updates

This Addendum may be updated by mutual written consent of the Parties. Non-material updates (e.g., successor standards) may be recorded by the Parties’ Security POCs and ratified at the next quarterly review.

[Signature page follows.]

IN WITNESS WHEREOF, the Parties have caused this Addendum to be executed by their duly authorized representatives as of the Effective Date.

HYPERION:
Hyperion DeFi, Inc.
a Delaware corporation

By:
Name:
Title:

PIER TWO:
Pier Two Pty. Ltd.
an Australia proprietary company limited by shares

By:
Name:
Title:

KINETIQ GROUP:
Kinetiq Research Pte. Ltd.
a Singapore private company limited by shares

By:
Name:
Title:

[Signature page to Schedule B – Information Security Addendum to the

Joint Validator Operators’ Agreement dated October 27, 2025]

Schedule C — Data Processing Addendum (DPA)

Version 1.0 — Effective Date: October 27, 2025

THIS DATA PROCESSING ADDENDUM (this “DPA” or this “Schedule C”) forms part of the Joint Validator Operators’ Agreement (the “JVOA”) by and among Hyperion DeFi, Inc. (“Hyperion”), the Kinetiq Research Pte. Ltd (“Kinetiq Group”), and Pier Two Pty Ltd (“Pier Two”) (collectively, the “Parties”). This DPA applies only to the extent a Party processes Personal Data on behalf of another Party in connection with the operations of the Hyperliquid validator jointly operated by the Parties and known as “Kinetiq × Hyperion” (the “Node”). Capitalized terms not defined herein have the meanings in the JVOA.

C-1.Roles; Applicability

C-1.1Roles. For purposes of applicable Data Protection Laws: a Party that determines the purposes and means of Processing Personal Data is a “Controller”; and a Party that Processes Personal Data on behalf of another Party is a “Processor.” Where a Party engages a Subprocessor, such Subprocessor acts under the Processor’s instructions.

C-1.2 Applicability. This DPA governs only the Processing of Personal Data in connection with the Node and related services as described in Annex I. To the extent the same Party acts as Controller for some Processing and Processor for other Processing, the relevant provisions apply to each role.

C-2.Definitions

“Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data under the JVOA, including the GDPR, UK GDPR, CCPA/CPRA, Australia’s Privacy Act 1988 and Australian Privacy Principles (APPs), and any analogous laws.

“Personal Data,” “Controller,” “Processor,” “Processing,” “Subprocessor,” “Data Subject,” “Supervisory Authority,” and other capitalized terms have the meanings given in the applicable Data Protection Laws.

C-3.Nature, Purpose, and Duration; Categories of Data

C-3.1Nature & Purpose. The Processing consists of limited operational contact and account data, security and audit logs, and telemetry necessary to operate, monitor, and secure the Node; administer access to dashboards; coordinate incident response; and comply with legal obligations.

C-3.2Data Subjects. Representatives and personnel of the Parties; authorized users with dashboard access; and, only if provided by a Party, external stakeholders involved in incident management or compliance.

C-3.3Categories of Personal Data. Names, business contact details, account identifiers, authentication artifacts (e.g., hashed IDs, role assignments), IP addresses, and security telemetry that may be linked to personnel. No special-category/sensitive data are intended to be Processed.

C-3.4Duration. For the term of the JVOA and for the retention periods specified in Schedule A (SLA) and Schedule B (Information Security Addendum), unless a longer period is required by law.

C-4. Controller Instructions; Processor Obligations

C-4.1Instructions. The Processor shall Process Personal Data only on documented instructions from the Controller, including with respect to international transfers, unless required by law (in which case the Processor shall inform the Controller unless legally prohibited).

C-4.2Confidentiality. The Processor shall ensure persons authorized to Process Personal Data are bound by confidentiality obligations.

C-4.3Security. The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as described in Schedule B (Information Security Addendum) and Annex II to this DPA.

C-4.4Assistance. Taking into account the nature of Processing, the Processor shall assist the Controller by appropriate technical and organizational measures, insofar as possible, to fulfill the Controller’s obligations to respond to Data Subject requests and to ensure compliance with Articles 32–36 of the GDPR and analogous provisions.

C-4.5Records and Audits. The Processor shall make available information reasonably necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits conducted by the Controller or an independent auditor mandated by the Controller on reasonable notice, during normal business hours, and subject to confidentiality.

C-4.6Data Return/Deletion. Upon termination or at Controller’s written request, the Processor shall delete or return all Personal Data (and delete existing copies) within the timelines in Annex I, unless retention is required by law.

C-5.Subprocessors

C-5.1Authorization. The Controller grants general written authorization for the Processor to engage Subprocessors for the Processing described in Annex I, provided that: (a) the Processor imposes data protection obligations on the Subprocessor at least as protective as those in this DPA; and (b) the Processor remains fully liable for the Subprocessor’s performance.

C-5.2Notice & Objection. The Processor shall maintain Annex III (Subprocessors) and provide prior notice of material Subprocessor changes. The Controller may object on reasonable grounds within 10 days; the Parties will discuss in good faith to address the objection.

C-6. International Transfers

Where the Processing involves a transfer of Personal Data to a third country without an adequacy decision, the Parties shall implement appropriate transfer mechanisms, including the EU Standard Contractual Clauses (SCCs) and UK International Data Transfer Addendum (IDTA) as applicable. The Parties incorporate by reference the SCCs (Controller–Processor, Module 2; and where appropriate, Processor–Processor, Module 3) with Annexes populated by Annex I–III of this DPA.

C-7.Data Subject Requests

Taking into account the nature of the Processing, the Processor shall promptly notify the Controller of any Data Subject request and shall not respond except on documented instructions from the Controller,

unless required by law. The Processor shall provide reasonable assistance to enable the Controller to respond within statutory timeframes.

C-8.Security Incidents

The Processor shall notify the Controller without undue delay after becoming aware of a confirmed Personal Data Breach affecting Personal Data Processed under this DPA. For SEV-1 incidents or events with a credible risk of Data Subjects’ rights and freedoms, initial notice shall be given within 2 hours of confirmation, with status updates at least every 4 hours until containment, and a written root-cause analysis within 5 business days of containment (or preliminary report within 2 business days). Notification obligations here align with Schedule B.

C-9.Government and Third-Party Requests

Unless legally prohibited, the Processor shall notify the Controller of any legally binding request for disclosure of Personal Data by a governmental authority or any access requests from third parties. The Processor shall challenge unlawful or overbroad requests where reasonable.

C-10.Liability; Indemnity; Precedence

The Parties’ liability and indemnity obligations are governed by the JVOA. In the event of conflict between this DPA and the JVOA, this DPA shall control with respect to the Processing of Personal Data; provided that the EU SCCs/UK IDTA (where applicable) shall prevail over this DPA in the event of conflict.

C-11.Term; Termination

This DPA is coterminous with the JVOA. Either Party may terminate this DPA where the JVOA permits termination or where required by Data Protection Laws. Obligations that by their nature should survive termination shall so survive.

ANNEX I

To Schedule C – Data Processing

Details of Processing

Subject Matter:

Operation, monitoring, and security of the Node; access administration; incident response; compliance recordkeeping.

Duration:

For the term of the Agreement and retention periods in Schedules A/B, unless a longer period is required by law.

Nature & Purpose:

As described in C-3.1.

Types of Personal Data:

As described in C-3.3; no special-category data intended.

Categories of Data Subjects:

As described in C-3.2.

Deletion/Return Timeline:

Thirty (30) days from Controller request or termination, unless otherwise required by law.

Frequency of Transfers:

Continuous/occasional as needed for Node operations and dashboards.

Competent Supervisory Authority:

Determined per Controller’s establishment in the EEA/UK, if applicable.

ANNEX II

To Schedule C – Data Processing

Technical and Organizational Measures

The technical and organizational measures (TOMs) applicable to the Processing are set out in Schedule B (Information Security Addendum) to the Agreement and are incorporated here by reference.

At a minimum, TOMs include encryption in transit and at rest, access controls with MFA, HSM/MPC-based key protection, vulnerability management, logging and monitoring, incident response procedures, and business continuity/disaster recovery measures.

ANNEX III

To Schedule C – Data Processing

Authorized Subprocessors

The Processor’s authorized Subprocessors (if any) for the Processing under this DPA will be listed here or in a maintained URL or annex referenced by the Parties. Each Subprocessor shall be bound by written obligations at least as protective as those in this DPA.

List of Authorized Subprocessors

[Or identification of where/how the list is maintained.]

[Signature page follows.]

IN WITNESS WHEREOF, the Parties have caused this Addendum to be executed by their duly authorized representatives as of the Effective Date.

HYPERION:
Hyperion DeFi, Inc.
a Delaware corporation

By:
Name:
Title:

PIER TWO:
Pier Two Pty. Ltd.
an Australia proprietary company limited by shares

By:
Name:
Title:

KINETIQ GROUP:
Kinetiq Research Pte. Ltd.
a Singapore private company limited by shares

By:
Name:
Title:

[Signature page to Schedule C – Information Security Addendum to the

Joint Validator Operators’ Agreement dated October 27, 2025]

Schedule D — RACI Matrix (Node Operations)

THIS SCHEDULE D – RACI Matrix (the “RACI”) forms part of the Joint Validator Operators’ Agreement (the “Agreement”) among Hyperion DeFi, Inc. (“Hyperion”), the Kinetiq Research Lab. Pte. Ltd. (as defined in the Agreement), and Pier Two Pty Ltd (“Pier Two”) (collectively, the “Parties”).

Legend:

R = Responsible (does the work); A = Accountable (single owner of outcome); C = Consulted (two-way input); I = Informed (one-way updates); A* = Accountability is collective under the Agreement (e.g., §3.8(a) Major Decisions; §3.6 Key-Management Policy); “Own” = Each Party is accountable for that obligation as it pertains to its organization/scope.

Parties: HYP = Hyperion  KIN = Kinetiq  P2 = Pier Two

	Activity (summary)	Sec. Ref.	HYP	KIN	P2	Notes
1	Maintain Node ops posture (protocol rules, best practices)	3.2(a)	I	C	A/R	Day-to-day technical conformance sits with P2.
2	Change-management process (plan, notice, rollback)	3.2(b), 3.7	I	I	A/R	Day-to-day technical change-management conformance sits with P2.
3	Continuous monitoring & alerting; log retention	3.2(c)	I	I	A/R	Retention periods per SLA.
4	Incident response coordination & post-incident reviews	3.2(d)	I	I	A/R	P2 leads IR; KIN and HYP informed promptly.
5	Governance participation on validator-relevant matters	3.2(e), 3.8(a)	A*	A*	A*	A* = collective accountability; unanimous consent where required.
6	24×7 escalation contacts maintained	3.2(f)	A/R (own)	A/R (own)	A/R (own)	Each Party accountable for its own contact readiness.
7	Provide accurate performance/status reports to each other	3.2(g)	A/R (own)	A/R (own)	A/R (own)	Role-specific reports: ops (P2), program (KIN), public filings (HYP).
8	Stake provisioning/treasury mgmt. for Node	3.3(a)	A/R	I	I	Includes custodian coordination if applicable.
9	Public-company reporting & regulatory compliance	3.3(b)	A/R	I	I	KYB/AML confirmations to others on request.
10	Approvals for Major Decisions	3.3(c), 3.8(a)	A*	A*	A*	See list in §3.8(a); unanimous consent.
11	Non-interference with Node/active-set status	3.3(d)	A/R	I	I	HYP won’t unilaterally redelegate/withdraw contrary to Agreement.

12	HYP liaison for ops & emergencies	3.3(e)	A/R	I	I	Named contact.
13	Ops coordination with P2 (upgrades, params, etc.)	3.4(a)	I	A/R	C	KIN runs orchestration/calendar.
14	Operate KIN protocol tooling (kHYPE/iHYPE, StakeHub)	3.4(b)	I	A/R	C	Program & smart-contract infrastructure.
15	Validator scoring/routing to support Node performance	3.4(c)	I	A/R	C	Parameters aligned with SLA.
16	KIN program reporting (staked assets, validator health)	3.4(d)	I	A/R	I	Frequency per §3.4(d)/SLA.
17	No custody / no unilateral control by KIN	3.4(e)	I	A/R	I	Per Key-Management Policy.
18	Provision, host & operate validator infra	3.5(a)	I	I	A/R	Hybrid cloud/bare-metal with redundancy.
19	Day-to-day ops: patching, updates, monitoring	3.5(b)	I	I	A/R	Critical patch windows per SLA.
20	Security & validator-key protection (HSM/MPC)	3.5(c)	A/R	C	C	Non-export; controls per Key-Mgmt. Policy.
21	Meet performance targets (uptime, participation, latency)	3.5(d), SLA	I	I	A/R	Metrics/thresholds in SLA.
22	Lead technical incident management & reporting	3.5(e), SLA	I	I	A/R	RCA delivery timelines per SLA.
23	Slashing safeguards (insurance/risk transfer)	3.5(f)	C	C	A/R	Coverage level per SLA/insurance schedule.
24	Maintain ISO 27001 & SOC 2 (or equivalent)	3.5(g)	I	I	A/R	Notify material changes.
25	Adopt Key-Management Policy	3.6(a)	A*	R	R	Policy requires dual authorization; see §3.6.
26	Enforce separation of duties (no unilateral export/quorum chg.)	3.6(b)	A*	R	R	Joint accountability to prevent single-party control.
27	Schedule & run maintenance windows	3.7	I	I	A/R	Emergency changes follow SLA notice/RCA.
28	Emergency actions to prevent double-signing/slashing	3.8(c)	I	C	A/R	Immediate action by P2; notify others w/o undue delay.
29	Operational discretion—routine infra actions	3.8(b)	I	C	A/R	P2 can act within approved policies.
30	Operational discretion—routing/tooling thresholds	3.8(b)	I	A/R	C	Within approved policies.

31	Operational reporting (weekly/monthly)	3.9(a)	I	C	A/R	Contents per SLA.
32	Program reporting (KIN)	3.9(b)	I	A/R	I	To extent data is available.
33	Incident notices within SLA timelines	3.9(c), SLA	I	C	A/R	SEV-based timelines in SLA.
34	Dashboard access for near-real-time metrics	3.9(d)	I	I	A/R	KIN administers; P2 feeds telemetry.
35	Protocol compliance (validator rules/standards)	3.1	A/R (own)	A/R (own)	A/R (own)	Each Party accountable for its own compliance.
36	Legal & regulatory compliance (AML/sanctions/data)	3.1	A/R (own)	A/R (own)	A/R (own)	As applicable by role/jurisdiction.
37	Prohibited actions (no double-signing, etc.)	3.11	A/R (own)	A/R (own)	A/R (own)	Applies to each Party individually.
38	Delegation/subcontracting approvals & oversight	3.12	A/R (own)	A/R (own)	A/R (own)	Prior written consent where required.
39	SLA performance ownership—infra metrics	3.13, SLA	I	C	A/R	Uptime/latency/patch windows.
40	SLA performance ownership—tooling/routing metrics	3.13, SLA	I	A/R	C	Validator scoring/routing KPIs.
41	Service credits issuance (if any)	3.13, SLA	I	C	A	P2 issues per SLA; disputes via governance/DR clause.
42	Records & audit cooperation	3.14	A/R (own)	A/R (own)	A/R (own)	Subject to confidentiality & data-protection terms.

Form: 10-K

Documents