{"id":22910,"date":"2025-04-10T14:00:00","date_gmt":"2025-04-10T11:00:00","guid":{"rendered":"https:\/\/forklog.com\/en\/the-price-of-popularity-and-a-lesson-for-all-hyperliquid\/"},"modified":"2025-04-10T14:00:00","modified_gmt":"2025-04-10T11:00:00","slug":"the-price-of-popularity-and-a-lesson-for-all-hyperliquid","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/the-price-of-popularity-and-a-lesson-for-all-hyperliquid\/","title":{"rendered":"The price of popularity\u2014and a lesson for all: Hyperliquid"},"content":{"rendered":"<p>After a generous <a href=\"https:\/\/u1f987.com\/en\/news\/hype-or-a-new-standard-what-hyperliquids-airdrop-historys-most-generous-teaches-us\">airdrop<\/a> in November 2024, the decentralised exchange (DEX) Hyperliquid drew industry-wide attention and topped trading volumes, ahead of <a href=\"https:\/\/u1f987.com\/en\/news\/jupiter-dex-aggregator-announces-new-airdrop\">Jupiter<\/a> and <a href=\"https:\/\/u1f987.com\/en\/news\/dydx-allocates-25-of-fees-for-token-buyback\">dYdX<\/a>. High transaction throughput, no <span data-descr=\"know your customer\" class=\"old_tooltip\">KYC<\/span> requirements and ample liquidity made the platform a welcoming venue for crypto whales.<\/p>\n<p>High-risk positions worth about $8m opened on the DEX on 26 March 2025 <a href=\"https:\/\/u1f987.com\/en\/news\/hyperliquid-delists-contract-amid-price-manipulation-concerns\">jeopardised<\/a> not only the platform\u2019s stability but also the safety of client funds in the Hyperliquidity Provider Vault (HLP). The actions of several large addresses formed part of a coordinated attack involving price manipulation on external trading venues.<\/p>\n<p>ForkLog reviewed the incident\u2019s timeline, reactions from industry leaders, rivals\u2019 \u201cconvenient\u201d moves and the defensive steps taken by Hyperliquid\u2019s management\u2014measures that have cast doubt on its decentralisation principles.<\/p>\n<h2 class=\"wp-block-heading\">The day of the attack<\/h2>\n<p>Hyperliquid uses <a href=\"https:\/\/u1f987.com\/en\/news\/risks-opportunities-and-more-risks-a-checklist-for-a-successful-liquidity-provider\">liquidity pools<\/a> from the HLP treasury to hedge positions. When a user opens a position, the mechanism executes a corresponding hedging order. In the event of liquidation, the system continuously and smoothly buys back the asset, creating a spiral effect.<\/p>\n<p>Liquidations of short positions occur when prices jump sharply. Users can intentionally increase risk, minimising their own margin losses while shifting the burden to the HLP vault.<\/p>\n<p>The design of Hyperliquid\u2019s passive market-maker pools <a href=\"https:\/\/u1f987.com\/en\/news\/hyperliquid-whales-manipulation-ends-in-losses-exact-figures-unknown\">enabled manipulation of<\/a> the liquidation system, harming HLP. At the time, the vault held about $290m.<\/p>\n<p>According to the Hyperliquid team, at around 12:50 (UTC) on March 26 the DEX was attacked through manipulation of a thinly traded token\u2014JELLYJELLY. After detecting \u201csuspicious market activity\u201d, six validator votes initiated the delisting of perpetual contracts on the asset.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">After evidence of suspicious market activity, the validator set convened and voted to delist JELLY perps. <\/p>\n<p>All users apart from flagged addresses will be made whole from the Hyper Foundation. This will be done automatically in the coming days based on onchain data. There is no\u2026<\/p>\n<p>\u2014 Hyperliquid (@HyperliquidX) <a href=\"https:\/\/twitter.com\/HyperliquidX\/status\/1904923137684496784?ref_src=twsrc%5Etfw\">March 26, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In an <a href=\"https:\/\/hyperliquid-co.gitbook.io\/community-docs\/introduction\/roadmap\/2025-26-03_incident#id-1.-timeline-of-events-utc\">official report<\/a>, Hyperliquid representatives split the incident into four phases, detailing trades, addresses and transaction hashes involved on the day of the attack.<\/p>\n<p>A brief timeline:<\/p>\n<ul class=\"wp-block-list\">\n<li>phase 0 \u2014 \u201cmarket preparation\u201d. The JELLYJELLY price rose by 13% by 10:50 UTC, then returned to its initial level by 12:15. This was likely a test of market reaction and liquidity before the main attack. Over the next 40 minutes, the price fell 93% \u2014 from $0.1287 to $0.00831 \u2014 to speed up subsequent long liquidations and the assault on HLP vaults;<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li>phase 1 \u2014 creation of a <a href=\"https:\/\/u1f987.com\/en\/news\/delta%e2%80%91neutral-synthetic-dollars-why-the-usde-stablecoin-matters\">delta-neutral<\/a> position. At 12:53, attackers opened large short positions in JELLYJELLY perpetuals from address 0xde95\u2026c91: two transactions at about $0.00950 totalling roughly $4.08m. Then, to offset losses from two other addresses, they placed long orders totalling $4.06m. User 0x67fe\u2026CA2 opened a long for 201,877,470 JELLYJELLY at $0.009503. Address 0x20e8\u2026808 submitted similar orders;<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li>phase 2 \u2014 triggering the liquidation mechanism to route orders into HLP vaults. At 13:03, the attackers requested the withdrawal of all available margin and partially closed their shorts, deliberately provoking liquidation. A short of about $254,189 was closed at $0.073978. In the same minute, thanks to the high-speed mechanism, a short position of almost 400m JELLYJELLY ended up in the HLP vault. Over the next two minutes, the attackers transferred 2,762,742.63 USDC to the Arbitrum network. As a result, Hyperliquid\u2019s settlement mechanism held a short opened at $0.011282;<\/li>\n<\/ul>\n<ul class=\"wp-block-list\">\n<li>phase 3 \u2014 pumping JELLYJELLY to damage Hyperliquid. Between 13:00 and 14:00, the attackers aggressively pumped JELLYJELLY to saddle Hyperliquid with huge unrealised losses on the open shorts. Coordinating across the platform and external exchanges, they drove the price by roughly 400% to about $0.05. Owing to the token\u2019s low liquidity, spot buying on large exchanges caused a sharp spike. Because pricing of perpetuals on Hyperliquid relied on an oracle tied to spot, the manipulation immediately affected derivatives.<\/li>\n<\/ul>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXe-Ckm8ovQJeYAHX8NFPJZVS46TgUpbSy2vjkGs0yv2UPlDdu8H5ETgGvkHCdoWBrL0g5aaeC-aRIT1LQ_uwR7Ozg8JRC0RBEfb6ObuifDRKm_a2ai67JV5maPKyL822ndh30MG?key=apbcZo3lZyj2gGPXbi3UuUQd\" alt=\"The price of popularity\u2014and a lesson for all: Hyperliquid\"\/><figcaption class=\"wp-element-caption\">JELLYJELLY price manipulation. Data: <a href=\"https:\/\/x.com\/lookonchain\/status\/1904922981073035498\">Lookonchain<\/a>, Raydium.<\/figcaption><\/figure>\n<p> Specialists at the DEX <a href=\"https:\/\/hyperliquid-co.gitbook.io\/community-docs\/introduction\/roadmap\/2025-26-03_incident#preparation-phase\">linked<\/a> earlier \u201csuspicious\u201d transactions between March 15 and 25, calling them \u201cpreparatory\u201d. These experiments aimed to refine the strategy and explore the exchange\u2019s mechanics. The tagged addresses deposited and withdrew funds, tested liquidations with different amounts and managed positions using several order types.<\/p>\n<p>As a result of the March 26 incident, a whale managed to withdraw about $6.2m. Arkham experts noted that even if the attackers had taken the then-remaining ~$900,000, they would still have lost roughly $4,000.<\/p>\n<p>The exchange halted trading, fixed the price at $0.0095 and even ended up about $700,000 in the black, promising to reimburse affected users.<\/p>\n<p>The moves sparked a barrage of criticism on social media. Some centralised-exchange (CEX) executives, backed by influencers, accused the team of violating decentralisation principles and of negligence.<\/p>\n<h2 class=\"wp-block-heading\">Could CEXs have acted differently?<\/h2>\n<p>According to <a href=\"https:\/\/defillama.com\/perps\">DeFi Llama<\/a>, as of April 8 2025, the average daily volume of perpetuals across all venues was about $20.3bn. Over half \u2014 roughly $13bn \u2014 went through Hyperliquid.<\/p>\n<p>Per <a href=\"https:\/\/www.coingecko.com\/en\/exchanges\/derivatives\">CoinGecko<\/a>, at the time of writing Hyperliquid ranks 13th by open interest among derivatives exchanges with $2.7bn. It outpaces big players like Deribit and the derivatives arms of Crypto.com, BingX and KuCoin. This is the first time a decentralised exchange has competed so successfully with established centralised venues.<\/p>\n<p>Beyond USDC on Arbitrum, the platform accepts bitcoin as collateral. That makes Hyperliquid one of the few DEXs that let users trade the \u201cdigital gold\u201d directly from a Web3 wallet.<\/p>\n<p>On March 15, Hyperliquid\u2019s share of BTC perpetuals <a href=\"https:\/\/x.com\/skewga_hyper\/status\/1902149042747933027\">hit an all-time high<\/a>, amounting to roughly 50% of Bybit\u2019s volumes and 21% of Binance\u2019s.<\/p>\n<p>According to <a href=\"https:\/\/dune.com\/x3research\/hyperliquid\">Dune<\/a>, the platform has attracted more than 415,000 users and processed around 60bn trades.<\/p>\n<p>In the view of the affected DEX\u2019s specialists, centralised exchanges and their leadership played a significant role in the March 26 incident. After analysis, they concluded that the greatest influence on the attack came from malicious users on Bybit. They cited the main reasons:<\/p>\n<ul class=\"wp-block-list\">\n<li>influence on the oracle. Bybit\u2019s impact on the delivery of spot quotes was disproportionately large;<\/li>\n<li>role in the margin-price calculation. The average price of contracts on Bybit was directly used to compute the <span data-descr=\"mark price. Reflects the spot price on major exchanges in real time\" class=\"old_tooltip\">mark price<\/span> on Hyperliquid;<\/li>\n<li>liquidity. The deep order book on Bybit allowed large trades with minimal slippage;<\/li>\n<li>limited competition. The effect was amplified because large exchanges such as Binance had not yet listed JELLYJELLY, leaving price formation largely to Bybit and smaller venues.<\/li>\n<\/ul>\n<p>By pumping the token, the attackers distorted oracle data used to compute the mark price on Hyperliquid, triggering liquidations.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXegm_kOIGZ3UDwgJmE_F_VGnbU44OUe__8_D9Igc5wbZPh7xdSogpbO9GbQr63Lp75WXfNQVDaEShWSDTRrmLHnMj0fLhC6Qu_6oCn9r-VymsBT6IAOgI-NSYrf2THgX9Hi3q3PYw?key=apbcZo3lZyj2gGPXbi3UuUQd\" alt=\"The price of popularity\u2014and a lesson for all: Hyperliquid\"\/><figcaption class=\"wp-element-caption\">Trading-volume comparison on popular exchanges before and during the attack. Data: <a href=\"https:\/\/hyperliquid-co.gitbook.io\/community-docs\/introduction\/roadmap\/2025-26-03_incident#how-the-attack-was-executed-external-market-manipulations\">Hyperliquid<\/a>.<\/figcaption><\/figure>\n<p> While JELLYJELLY price manipulation ran through traffic on Bybit, Binance and Bitget, the leadership of these exchanges did not sit on their hands.<\/p>\n<p>Bitget CEO Gracy Chen said:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cThe way Hyperliquid handled the incident was immature, unethical and unprofessional, led to user losses and raised serious doubts about its commitment to principles. Although the platform positions itself as a cutting-edge DEX with an innovative approach, it operates more like an offshore CEX without KYC\/<span data-descr=\"anti-money laundering\" class=\"old_tooltip\">AML<\/span> that indulges flows of illicit funds and bad actors.\u201d<\/em><\/p>\n<\/blockquote>\n<p>As the price of a thin token surged, CEXs listed derivatives after Hyperliquid halted trading. At 15:30, OKX\u2014and then at 16:00, Binance Futures\u2014launched trading in JELLYJELLYUSDT perpetuals with 50x leverage.<\/p>\n<p>On the timely chance to wound a rival, former BitMEX chief Arthur Hayes spoke obliquely. He cast OKX head Star Xu and former Binance CEO Changpeng Zhao (CZ) as accomplices against a \u201cweak\u201d Hyperliquid.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Some of you will appreciate the irony that CZ and Star are cooperating to gang up on <a href=\"https:\/\/twitter.com\/HyperliquidX?ref_src=twsrc%5Etfw\">@HyperliquidX<\/a> . You gotta know ur crypto history to get the joke. There is nothing more that humans like than to support an underdog vs. a perceived unstoppable opponent. <a href=\"https:\/\/twitter.com\/search?q=%24HYPE&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$HYPE<\/a> for the win! <a href=\"https:\/\/t.co\/pSgYcB9NAK\">pic.twitter.com\/pSgYcB9NAK<\/a><\/p>\n<p>\u2014 Arthur Hayes (@CryptoHayes) <a href=\"https:\/\/twitter.com\/CryptoHayes\/status\/1905172373596176389?ref_src=twsrc%5Etfw\">March 27, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h2 class=\"wp-block-heading\">Too early to draw conclusions<\/h2>\n<p>Hyperliquid\u2019s architecture is built for scale, with potential integration of the rising SVM and <a href=\"https:\/\/u1f987.com\/en\/news\/zuckerbergs-moves-how-metas-legacy-is-evolving-aptos-and-sui\">MoveVM<\/a> into its ecosystem. Its L1 with the HyperBFT consensus serves as a base for potential DeFi applications and L2 solutions launched atop it, such as <a href=\"https:\/\/u1f987.com\/en\/news\/hyperliquid-team-launches-hyperevm\">HyperEVM<\/a>.<\/p>\n<p>Thanks to its technical capabilities, Hyperliquid offers more flexibility than CEXs and presents serious competition to them.<\/p>\n<p>In a <a href=\"https:\/\/wublock.substack.com\/p\/exploring-the-jelly-short-squeeze?r=jbpop&#038;triedRedirect=true\">31 March interview<\/a> with Wu Blockchain, a developer of an <span data-descr=\"Liquid Staking Derivatives\" class=\"old_tooltip\">LSD<\/span> protocol named Sean shared his views on the criticism aimed at the DEX.<\/p>\n<p>He mentioned Binance\u2019s strategic plans to bring users back to the exchange via BNB Chain. He also suggested that CZ is trying to recreate Solana\u2019s playbook by aggressively pushing <a href=\"https:\/\/u1f987.com\/en\/news\/meme-tokens-from-joke-to-scam\">memecoins<\/a>.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cBinance and OKX undoubtedly feel threatened by decentralised solutions and will work to minimise these risks. Such competition is expected and entirely justified,\u201d<\/em> the developer added.<\/p>\n<\/blockquote>\n<p>He noted he does not fully understand why influencers promote centralised exchanges while excessively criticising Hyperliquid. They use isolated incidents as a pretext to disparage the entire architecture.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cCompetition in the industry should neither be exaggerated nor turned toxic. Centralised exchanges have systemic problems of their own and should remain vigilant. Their core role is to earn fees from trading volumes, not to engage in dubious PR attacks via key opinion leaders against competitors,\u201d<\/em> Sean stressed.<\/p>\n<\/blockquote>\n<p>Hyperliquid was originally created as a market maker, so liquidity took precedence over system-wide risk management. After <a href=\"https:\/\/u1f987.com\/en\/news\/experts-suspect-whale-activity-as-potential-attack-on-hyperliquid\">past incidents<\/a> involving excessive leverage, Hyperliquid lowered borrow limits for BTC and ETH.<\/p>\n<p>Sean highlighted the DEX\u2019s shortcomings:<\/p>\n<ul class=\"wp-block-list\">\n<li>limited resources without access to open-source code. Its closed nature raises concerns about possible manipulation by the team, for example related to MEV;<\/li>\n<li>the Hyperliquid block explorer provides a limited range of information (no detailed account interaction history and no asset balance data);<\/li>\n<li>use of a listing process via a <span data-descr=\"an auction in which the highest price is announced at the start, then bids decrease until the first purchase\" class=\"old_tooltip\">Dutch auction<\/span>. This allowed a small-cap token to open an excessively large short position\u2014larger than its entire market capitalisation;<\/li>\n<li>the mechanics of passive market-maker pools. If exploited\u2014especially with low-liquidity projects\u2014losses can be readily inflicted on HLP users.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n<p>The JELLYJELLY incident is an important lesson for the crypto industry. The attack on a DEX set a precedent, sparking worrying debates about a network of \u201csleeping\u201d hackers across trading platforms and the rights of decentralised-exchange customers. The situation forced developers to revisit existing security systems.<\/p>\n<p>In a bid to lead DeFi and offer users a coherent decentralised ecosystem, Hyperliquid\u2019s developers introduced new mechanisms. They used a passive market-maker protocol, granting ownership and governance of HLP to users. Ultimately, however, they were forced to intervene in their own decentralisation rules by closing trading in JELLYJELLY. Management, for its part, allowed trading of low-liquidity tokens with high leverage, perhaps paying insufficient attention to the manipulations in the first half of March.<\/p>\n<p>CEX managers acted within their business models, where free competition can turn toxic. Influencers picked up the theme, doing their job and fanning the flames\u2014ones that, for now, Hyperliquid has partly extinguished.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After a generous airdrop in November 2024, the decentralised exchange (DEX) Hyperliquid drew industry-wide attention and topped trading volumes, ahead of Jupiter and dYdX. High transaction throughput, no KYC requirements and ample liquidity made the platform a welcoming venue for crypto whales. High-risk positions worth about $8m opened on the DEX on 26 March 2025 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":22909,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[1144],"tags":[1166,787,1246],"class_list":["post-22910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-longreads","tag-centralized-exchanges-cex","tag-dex","tag-scammers"],"aioseo_notices":[],"amp_enabled":true,"views":"255","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/22910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=22910"}],"version-history":[{"count":0,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/22910\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/22909"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=22910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=22910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=22910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}