Hyperliquid Quagmire: Tripartite Game, Winner Takes All

Original Title: "Hyperliquid Under Attack Again: A Multi-party Game of 'Praying Mantis Hunts the Cicada, But the Oriole is Behind'"

Original Source: DeepTech TechFlow

The crypto market's drama often unfolds in the dead of night.

On the night of March 26, the treasury of the decentralized exchange Hyperliquid faced a liquidation risk of up to $240 million due to price manipulation of the memecoin $JELLYJELLY.

Prior to this, a 50x leverage whale on Hyperliquid had previously intentionally liquidated its own long position through a similar tactic, putting the Hyperliquid treasury at risk of loss.

(See "50x Leverage Whale on Hyperliquid" Fully Liquidated, 16M ETH Long Position "Intentionally Liquidated")

This recent attack in the evening not only exposed the vulnerability of DeFi/DEX platforms in high-leverage trading but also became more complex due to the centralized exchange's (CEX) "active support" — resembling more of a 'Praying Mantis Hunts the Cicada, But the Oriole is Behind' hunt:

The attacker sought to profit through price manipulation, while the CEX aimed to attract users and traffic by listing popular tokens, indirectly undermining the fund security and reputation of rival DEXs.

If you are not familiar with Hyperliquid and the recent attack event, we have also gathered summaries and analyses from various parties, attempting to replay the full event, explain the attack principle in layman's terms, and discuss the motives of each party.

Event Timeline: From Short Position to Treasury Crisis

First, you need to know what Hyperliquid is.

Hyperliquid is a decentralized exchange based on its own Layer 1 blockchain, offering perpetual contract trading, aiming to combine the strengths of centralized and decentralized exchanges.

Its treasury, HLP, is a community-owned protocol treasury responsible for market-making and liquidation, allowing users to deposit to share profits and losses. According to Vaults | Hyperliquid Docs, HLP deposits have a 4-day lock-up period to support platform liquidity.

So, what was the entire process of the attack on the HLP treasury like?

(Image Source: Ai Auntie Twitter Post)

· Opening a Short Position: According to AI Auntie's monitoring, an attacker opened a $JELLYJELLY short position worth 4.08 million US dollars on Hyperliquid using an address (such as 0xde9...f5c91). The opening price was $0.0095, with a collateral of 3.5 million USDC.

· Price Manipulation to Trigger Liquidation: Another address (such as Hc8gN...WRcwq) cooperated to sell spot $JELLYJELLY, suppressing the spot price to show unrealized gains on the short position. The attacker then withdrew 2.76 million USDC collateral, triggering liquidation, and the treasury took over the position.

· Price Pump to Exacerbate Losses: After liquidation, the attacker made two waves of intensive purchases of $JELLYJELLY at 21:01 and 21:45, driving up the price. According to CoinGecko data, the price surged by 230% in a short period, intensifying the treasury's unrealized losses on the short position.

· CEX Intervention: As long as JELLYJELLY keeps rising, the short position's losses will further deepen. At this point, Binance and OKX launched $JELLYJELLY perpetual contracts, attracting significant trading volume, pushing the price higher and worsening the treasury's losses.

· Treasury Faces Run-Off Risk: As of March 27, 2025, the treasury's unrealized losses amounted to 10.63 million US dollars, with a TVL decrease of around 20 million US dollars, resulting in a new TVL of 231 million US dollars (Hyperliquid dashboard). If the $JELLYJELLY price rises to $0.17, the treasury may face liquidation, incurring a loss of 240 million US dollars.

· Hyperliquid Delists JELLYJELLY Without Losses: Subsequently, Hyperliquid liquidated 3.92 billion JELLY tokens (equivalent to approximately 3.72 million US dollars) at a price of $0.0095, making a profit of 703,000 US dollars with no losses incurred. Additionally, after identifying evidence of suspicious market activity, Hyperliquid's validator set held a meeting and voted to delist the JELLY perpetual contract, with all users being fully compensated by the Hyper Foundation.

Price Manipulation and the "Assist" Effect of CEX

If things seem a bit blurry, why not understand a little about shorting and spot coordination, as well as the principle of CEX assistance.

Shorting is when an investor borrows an asset to sell, hoping to buy back at a lower price after the price drops to repay the loan and make a profit.

For example: Let's say the price of $JELLYJELLY is $0.10. An attacker borrows 1 million tokens and sells them, receiving $100,000. If the price drops to $0.05, they buy back for $50,000 to repay, making a profit of $50,000. But if the price rises to $0.15, they would have to buy back at $150,000, resulting in a loss of $50,000.

Hyperliquid's Liquidation Mechanism

At Hyperliquid, when a trader's margin is insufficient to cover potential losses, their position will be liquidated. According to Liquidations | Hyperliquid Docs, liquidation utilizes a mark price (combining external CEX prices and Hyperliquid order book status) to ensure a more robust liquidation. After liquidation, the HLP Treasury takes over the position and assumes the subsequent risk.

Now let's revisit the shorting and spot buying from the previous section:

· Attacker's logic: Price suppression -- Trigger liquidation -- Create losses

The attacker initiates a short position on $JELLYJELLY at $0.0095, while also selling spot to drive down the price, causing the short position to appear profitable.

What makes this manipulation so easy to achieve is that the attacker's target is the Memecoin $Jellyjelly, which has an order book depth gap of N times, making price manipulation much easier.

The attacker withdraws most of the collateral (e.g., 2.76 million USDC), making the short position unsustainable, triggering the liquidation mechanism, and the Hyperliquid Treasury must take over this short position.

The key is that the attacker then buys $JELLYJELLY, pushing the price to $0.16. The Treasury has to buy back $JELLYJELLY at a higher price to close the short position, causing losses to escalate.

Principle of CEX Assistance

By listing a perpetual contract for $JELLYJELLY, a CEX exhibits a clear "assistance" effect.

With its large user base and trading volume, once a CEX lists a perpetual contract for $JELLYJELLY, it attracts a large number of speculators. This significantly drives up the price of $JELLYJELLY, further exacerbating the Treasury's short position losses.

You can also tell from the reply below that the CEX's intention to intervene proactively is very clear.

Subsequent Impact

Although Hyperliquid swiftly took action to delist the $JELLYJELLY perpetual contract, which did not result in any actual loss of funds, this incident exposed the vulnerability of DeFi platforms when facing high-leverage trading and price manipulation.

More importantly, this event has raised widespread questions from the community regarding Hyperliquid's liquidation mechanism and decision-making transparency. Users are concerned about whether the platform can continue to maintain fund security in future similar events, while also questioning whether the platform truly achieves decentralized governance.

One post mentioned that the top 10 deposit addresses provide 15.9% of the funds, and if a whale were to withdraw, it would accelerate a vicious cycle, leading to a "bank run."

Although there was no fund loss, reputational damage may have already begun to manifest.

Is Hyperliquid really a DEX? If it is, why was it able to delist the token so easily? Is governance power concentrated in the hands of a few?

These community voices of doubt reflect DeFi users' concerns about platform governance transparency and community participation, while also presenting Hyperliquid with a new challenge: how to balance decentralization and efficiency while maintaining fund security.

As a DeFi platform, Hyperliquid relies on the community treasury and liquidation mechanism, but in the face of CEX's massive trading volume and market influence, it appears fragile. CEX can swiftly attract funds by listing popular tokens, influencing prices, while DeFi platforms may face crises due to lack of liquidity and price manipulation.

The Mantis Stalks the Cicada, unaware of the Oriole behind

This is a complex game where each participant holds different motives, attempting to take the lead in this price manipulation game.

Attacker: Profit-Driven Price Manipulator

The attacker's goal is to profit through price manipulation. Ai's post shows that the manipulating address holds 124 million $JELLYJELLY tokens (worth $4.86 million), possibly employing a strategy of pumping and dumping at a high price after the surge. They may be imitating the earlier 50x leverage whale operation, leveraging the price volatility of a low-liquidity memecoin.

Hyperliquid: Safeguarding Users and the Platform

Hyperliquid strives to protect user funds and platform stability. A community post mentioned that the platform may adjust the BTC and ETH leverage ratios to mitigate such risks. In the future, increasing margin requirements or enhancing the liquidation mechanism will be necessary to safeguard HLP community funds.

CEX: A "Precision Strike" in Competition

The quick response and listing actions of a centralized exchange (CEX) are not merely business decisions but likely also driven by competitive considerations.

By swiftly listing the $JELLYJELLY perpetual contract, the CEX attracted a large number of speculators to enter the market, driving up the token price. This action indirectly exacerbated the loss risk of the Hyperliquid treasury.

This precise market intervention may seem like profit chasing on the surface but could actually be a "precision strike" — amplifying Hyperliquid's liquidation crisis to weaken its position as a DeFi platform in the market competition.

From the motives above, it is evident that attackers do not always have the upper hand. CEX's market strategy leverages the attacker's behavior to a certain extent, further magnifying its market influence. The roles of hunter and prey constantly alternate in this multi-layered game, ultimately forming a complex web of interests.

For Hyperliquid, this is not only a financial security crisis but also a test of trust.

After all, this is not the first time such an incident has occurred. Previously, the 50x leverage whale took advantage of the Hyperliquid mechanism to "forcefully liquidate a 160,000 ETH long position" and withdrew a profit of $1.857 million...

Whether such an attack will happen again is unpredictable, but in this event, what is clear is:

The gap between the ideal of decentralization and reality still exists, and behind more efficient transactions lies a more cutthroat game.

Original Article Link