Hyperliquid Under Siege Again: A Multi-Party Game of "The Mantis Stalks the Cicada, Unaware of the Oriole Behind"
TechFlow Selected TechFlow Selected
Hyperliquid Under Siege Again: A Multi-Party Game of "The Mantis Stalks the Cicada, Unaware of the Oriole Behind"
For Hyperliquid, this is both a crisis of fund security and a test of trust.
Navigating Web3 tides with focused insightsWritten by: TechFlow
The most dramatic moves in the crypto market often happen late at night.
In the early hours of March 26, Hyperliquid, a decentralized exchange (DEX), faced a potential $240 million liquidation risk in its treasury due to price manipulation of the memecoin $JELLYJELLY.
Previously, a whale using 50x leverage on Hyperliquid had deliberately triggered the liquidation of their own long position, putting Hyperliquid’s treasury at risk.
Last night’s incident not only exposed the vulnerabilities of DeFi/DEX platforms under high-leverage trading but also became more complex due to the “active assistance” from centralized exchanges (CEX)—this was less an attack and more a calculated hunt: the螳螂捕蝉,黄雀在后:
The attacker sought profit through price manipulation; CEXs aimed to list popular tokens to attract users and traffic, indirectly undermining competing DEXs’ financial security and reputation.
If you're unfamiliar with Hyperliquid or this attack, we’ve compiled summaries and analyses from various sources to reconstruct the full picture, explain the mechanics in simple terms, and explore each party’s motivations.
What Happened: From Short Position to Treasury Crisis
First, understand what Hyperliquid is.
Hyperliquid is a decentralized trading platform built on its own Layer 1 blockchain, offering perpetual contracts with the goal of combining the strengths of both centralized and decentralized exchanges.
Its treasury, known as HLP, is a community-owned protocol vault responsible for market making and liquidations. Users can deposit funds into HLP to share in profits and losses. According to Vaults | Hyperliquid Docs, deposits into HLP are locked for four days to support platform liquidity.
So how exactly did this attack on the HLP treasury unfold?
(Image source: Ai Auntie's Twitter post)
-
Opening a short position: As monitored by Ai Auntie, the attacker opened a $4.08 million short position on $JELLYJELLY via addresses such as 0xde9...f5c91 on Hyperliquid, at an entry price of $0.0095, with $3.5 million USDC in margin.
-
Driving down price to trigger liquidation: Another address (e.g., Hc8gN...WRcwq) coordinated by selling $JELLYJELLY in the spot market, driving down its price and creating apparent paper profits on the short. The attacker then withdrew $2.76 million in margin, causing the position to become undercollateralized and triggering liquidation—transferring the short to the HLP treasury.
-
Buying up to increase treasury losses: After liquidation, the attacker aggressively bought $JELLYJELLY in two waves at 21:01 and 21:45, sharply increasing the price. According to CoinGecko, the price surged over 230% in a short time, significantly deepening the treasury’s unrealized losses on the inherited short.
-
CEX intervention amplifies impact: As long as $JELLYJELLY continued rising, the treasury’s loss would grow. At that moment, Binance and OKX listed $JELLYJELLY perpetual contracts, drawing massive trading volume and pushing the price even higher, worsening the treasury’s exposure.
-
Treasury faces run risk: By March 27, 2025, the treasury had accumulated $10.63 million in unrealized losses, with TVL dropping about $20 million to $231 million (Hyperliquid Dashboard). If $JELLYJELLY reached $0.17, the treasury could face full liquidation, risking a $240 million loss.
-
Hyperliquid delists JELLYJELLY, avoids loss: Ultimately, Hyperliquid cleared 392 million JELLY tokens from the treasury at $0.0095 (worth ~$3.72 million), realizing a $703,000 profit with no net loss. Upon detecting suspicious market activity, the validator set convened and voted to delist the $JELLY perpetual contract. All affected users were fully compensated by the Hyper Foundation.
Price Manipulation and the "Assistance" Effect from CEXs
If this still seems confusing, let’s break down how short positions combined with spot market moves—and CEX “assistance”—work.
A short position involves borrowing an asset to sell it, hoping to buy it back later at a lower price for profit.
For example: suppose $JELLYJELLY trades at $0.10. An attacker borrows 1 million tokens and sells them, receiving $100,000. If the price drops to $0.05, they repurchase the tokens for $50,000, repay the loan, and pocket $50,000 in profit. But if the price rises to $0.15, buying back costs $150,000—resulting in a $50,000 loss.
-
Hyperliquid's liquidation mechanism
On Hyperliquid, when a trader’s margin falls below required levels, their position is liquidated. According to Liquidations | Hyperliquid Docs, liquidations use a mark price—a composite based on external CEX prices and Hyperliquid’s order book—to ensure robustness. Once liquidated, the HLP treasury takes over the position and assumes further risk.
Now revisit the earlier steps involving shorts and spot purchases:
-
Attacker logic: suppress price → trigger liquidation → inflict losses
The attacker opens a short at $0.0095 while simultaneously dumping $JELLYJELLY on the spot market to drive down the price, making the short appear profitable.
This is easier because $JELLYJELLY is a low-liquidity memecoin—its shallow market depth makes price manipulation feasible.
By withdrawing most of their margin (e.g., $2.76 million), the attacker ensures the short becomes unsustainable, forcing liquidation. The HLP treasury then inherits the short position.
The key move: the attacker buys $JELLYJELLY aggressively, pushing the price up to $0.16. Now, the treasury must eventually buy back $JELLYJELLY at much higher prices to close the short, magnifying its losses.
-
How CEX “assistance” works
The listing of $JELLYJELLY perpetuals on CEXs created a clear “assist” effect.
With vast user bases and deep liquidity, CEXs like Binance and OKX attracted significant speculative interest upon listing $JELLYJELLY. This dramatically inflated the token’s price, further increasing the HLP treasury’s unrealized losses.
You can clearly see from the reply thread below that CEXs' intent to intervene was highly conspicuous.
Aftermath
Although Hyperliquid acted swiftly to delist $JELLYJELLY and avoided actual treasury losses, the episode revealed the fragility of DeFi platforms against high-leverage trades and price manipulation.
More importantly, it sparked widespread community skepticism about Hyperliquid’s liquidation mechanisms and decision-making transparency. Users questioned whether the platform could safeguard funds during future incidents and whether it truly operates as a decentralized entity.
Some posts noted that the top 10 depositors contributed 15.9% of total funds—should these whales withdraw, it could trigger a vicious cycle resembling a “bank run.”
No direct fund loss occurred, but reputational damage may already be underway.
Is Hyperliquid really a DEX? If so, how can it unilaterally delist a token so quickly? Is governance power concentrated among a few?
These concerns reflect broader user expectations around governance transparency and community involvement in DeFi, presenting new challenges for Hyperliquid: how to balance decentralization with operational efficiency while ensuring capital safety.
As a DeFi platform relying on a community treasury and automated clearing, Hyperliquid appears vulnerable when facing the immense trading volume and market influence of CEXs. While CEXs can rapidly mobilize capital and shape prices through listings, DeFi platforms may falter due to insufficient liquidity and susceptibility to manipulation.
T螳螂捕蝉,黄雀在后: A Multi-Layered Hunt
This was a complex game where every player pursued different goals, striving to gain advantage in a high-stakes price manipulation scheme.
-
Attackers: Profit-driven manipulators
The attackers aimed to profit from price swings. As shown in Ai Auntie’s analysis, the manipulating addresses held 124 million $JELLYJELLY (valued at $4.86 million), suggesting a strategy to dump after pumping. They likely mimicked the prior 50x leveraged whale, exploiting the volatility of low-liquidity memecoins.
-
Hyperliquid: Protectors of users and stability
Hyperliquid worked to protect user assets and platform integrity. Community discussions suggest possible adjustments to leverage caps on major assets like BTC and ETH to reduce similar risks. Going forward, raising margin requirements or refining liquidation logic will be crucial to protect HLP’s pooled funds.
-
CEXs: Strategic “precision strikes” in competition
The rapid response and listing decisions by CEXs were not merely commercial—they likely carried competitive motives.
By swiftly launching $JELLYJELLY perpetuals, CEXs drew in hordes of speculators, drove up the price, and indirectly intensified pressure on Hyperliquid’s treasury.
This precise market intervention, while seemingly profit-motivated, may have served as a “strategic strike”—amplifying Hyperliquid’s crisis to weaken its standing as a DeFi competitor.
From these incentives, it’s clear the attacker didn’t hold all the cards. CEXs effectively leveraged the attacker’s actions to amplify their own market impact. Roles of hunter and hunted shifted dynamically throughout this multi-layered game, forming a tangled web of interests.
For Hyperliquid, this was not just a test of financial resilience but also a crisis of trust.
And this isn’t unprecedented—earlier, a 50x leveraged whale exploited Hyperliquid’s mechanism to “voluntarily liquidate” a 160,000 ETH long position, walking away with $1.857 million in profit...
We can’t predict whether such attacks will recur—but one thing is clear from this event:
The gap between the ideal of decentralization and reality remains wide. Behind more efficient trading lurks a far bloodier battlefield.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
深潮TechFlow
