Original author: YBB Capital Researcher Zeke
1. A Feast for Crows
On March 26, the highly anticipated Dex project Hyperliquid was attacked again. This is the fourth major security incident that has occurred in Hyperliquid since the TGE in November last year, and it is also the most serious crisis faced by the project since its establishment. Looking back at the entire attack path, this method is the same as the previous 50 times long ETH whale, but this time the attack is more precise and fierce, like a feast for crows against Dex.
JELLY, which is at the center of the vortex with Hyperliquid, is a passed low-liquidity Meme token on Solana. Its market value was only $10 million before the attack began. The lack of depth and the 50x leverage launched by the platform at its peak made JELLY the best explosive to break into the Hyperliquid vault. At nine oclock that night, the attacker deposited a margin of 3.5 million USDC into the platform and opened a short order of JELLY worth $4.08 million (opening price of $0.0095), and the leverage ratio reached the upper limit of the platform. At the same time, a giant whale address holding 126 million JELLY began to sell in the spot market, causing the token price to plummet and making the short order floating profit.
The key turning point occurred in the margin withdrawal: the attacker quickly withdrew 2.76 million USDC, resulting in insufficient margin for the remaining short orders, triggering Hyperliquids automatic liquidation mechanism. The platforms insurance vault HLP (composed of user pledged funds) was forced to take over the short position of 398 million JELLY. At this time, the attacker began to reverse the operation and bought JELLY in large quantities within 1 hour. The price of JELLY soared several times to US$0.034, and HLPs floating loss exceeded US$10.5 million. If the price of JELLY continues to rise to more than US$0.16, HLP will face a risk of zeroing of US$240 million.
When Hyperliquid got into trouble, crows smelled rotten meat. Centralized exchanges such as Binance and OKX began to intervene quickly. The two platforms quickly announced the launch of JELLYs perpetual contract within an hour of the attack, and it is suspected that they used the liquidity depth and influence of centralized exchanges to continue to push up the token price and further magnify HLPs loss gap. The markets doubts about these two platforms have been rising one after another, but the more interesting things are yet to come.
The Hyperliquid Validator Committee passed a vote to delist JELLY perpetual contracts 26 minutes before Binance officially launched the perpetual contracts. The final closing price was also the attackers opening price (less than one-third of the market price at that time), and HLP made a profit of $700,000. Faced with a dilemma, Hyperliquid chose to take a step back and tear off the fig leaf of decentralization by itself.
2. Binance on the chain?
As the leading protocol in the on-chain perpetual contract track, Hyperliquids trading volume accounts for 9% of Binances global contract trading volume, which is far ahead of other Dex platforms. In contrast, other Dex platforms (such as Jupiter and dYdX) only account for about 5% of Binances contract trading volume, so Hyperliquid is also known as Binance on the chain.
However, this Dex project, which was established after the collapse of FTX, seems to be far less lucky than Binance, and even has a more tortuous experience than SBF. After TGE, it suffered a major attack almost every month, which made Hyperliquid always hang on a thread. Lets review these security incidents:
1. December 2024: Potential threat from North Korean hackers (attempted attack)
Event details: Security researchers discovered that multiple marked North Korean hacker addresses conducted trading tests on Hyperliquid, with cumulative losses exceeding $700,000. These addresses tested system vulnerabilities through repeated transactions, possibly preparing for subsequent attacks.
Risks: closed source code, opaque multi-signature mechanism, lack of publicity and review.
2. January 2025: ETH whale high leverage attack
What happened: A user opened a long ETH order worth $300 million with 50x leverage. After making a floating profit of $8 million, he suddenly withdrew most of the margin, causing the liquidation price to be pushed up. In the end, HLP was forced to take over the position and lost about $4 million.
Risks: problems with the margin mechanism and the HLP mechanism.
3. March 12, 2025: Second attack by ETH whales
What happened: The attacker once again used high leverage to operate the ETH contract, causing further losses to the HLP vault.
Countermeasures: On March 15, the network was urgently upgraded and the margin transfer rules were adjusted (the margin ratio was set to 20%).
4. March 26, 2025: JELLY Incident
Events: As described above.
Risks: The centralization problem caused by the limited number of validators and the HLP mechanism problem are further amplified under the siege of Cex.
In last year’s article, I summarized some of the shortcomings of UNI. It is unlikely that humans will have a completely decentralized Dex project for several reasons:
1. A successful Dex project must rely on an entity team, and the important development direction of the project is often completely controlled by them rather than the community (such as UNI front-end charges and UniChains launch were not voted on by the community).
2. Governance voting is impossible to achieve complete decentralization. Projects with financing can be influenced by the lead investor, while successful projects without financing are more centralized in decision-making and revenue (such as Pump.fun). The most critical point is that the solution lies in the Sybil problem, but the solution violates the bottom line of decentralization.
3. No one is willing to give up their voice and interests. Among the well-known leaders in the blockchain world, even the most Buddhist Vitalik cannot become the next Satoshi Nakamoto.
4. Dex projects will undoubtedly develop towards capital efficiency. For AMM alone, development means taking on the risks brought by complexity and greater centralization. We have already talked about the issue of complexity in the article about UNI. UniChain is on the road to a more centralized American Union (Optimism Superchain), which is moving towards a more efficient but more fragile system.
Then, in conjunction with the above security incident, let’s talk about Hyperliquid, which we didn’t talk about last year. Considering that blockchain currently only focuses on value circulation and a large amount of abandoned infrastructure, Perp Dex should be the most capable of taking over idle block space. However, through Hyperliquid reflection, there are still many problems with the full-chain Perp Dex:
1. For such projects, from the perspective of user choice alone, capital efficiency and project background > decentralization. (From the perspective of Cexs status, this is also an inevitable stage)
2. Perp Dex is not a black box, but a casino where everyone has a telescope. When funds can be leveraged 50 times, how can algorithms and mechanisms defeat gamblers with telescopes?
3. No financing is indeed a good narrative, and high performance is also a good narrative. But in fact, it is also a feature of more centralized decision-making and projects. After the security incident broke out, AMM had to admit defeat. Hyperliquid is more like a centralized exchange controlled by a few people, and the only advantage is that it is more transparent and does not require KYC.
4. In the absence of a dynamic risk control mechanism, should high-risk assets be treated strictly differently from mainstream assets? Should large withdrawals of unrealized profits trigger risk control?
5. Will Hyperliquid eventually become the “FTX 2.0” as Bitget CEO calls it?
3. Hyperliquid’s internal problems
With the fifth question mentioned above, lets expand on it. From the perspective of liquidity, although Hyperliquid is the leader among Dex, its whale deposits may account for nearly 20% of the platforms TVL under normal circumstances. This means that if a similar incident on a larger scale occurs again, it may trigger a large number of whales to flee, and Hyperliquid will instantly fall into a dead end of liquidity depletion. At this time, all you can do is unplug the network cable again, so the thickness and composition of liquidity are crucial to Perp Dex. Although Hyperliquid can directly compete with the second-tier Cex today, it is obvious that in the absence of dynamic leverage restrictions, its on-chain liquidity is not enough to support this fixed ultra-high leverage.
From the perspective of architecture, Hyperliquid is a Dex with its own Layer 1. The composition of the entire chain is quite innovative but not complicated. Simply put, it is EVM+matching engine. According to the description in the official technical documentation, it is HyperEVM+HyperCore. Hyperliquid L1 is not a separate chain, but is protected by the same HyperBFT consensus as HyperCore. This allows EVM to interact directly with HyperCore, such as spot and perpetual contracts Perp.
We might as well explain HyperCore in more detail here:
As mentioned above, HyperCore is equivalent to the matching engine of centralized exchanges. It shares the same consensus layer (HyperBFT) with HyperEVM, so the two are not independent chains, but different execution environments in the same blockchain network. Artela, a public chain from Alibaba, actually has a similar idea. HyperCore is positioned to focus on running the core business logic of the exchange (such as order book matching, derivatives clearing, and asset custody). Its underlying layer is based on RustVM (a virtual machine optimized for high-frequency trading) and is designed with a licensing system. It only supports officially recognized functions (such as USDC assets and tokens generated through the HIP-1 protocol). Collaboration with HyperEVM is achieved through precompiled contracts. For example, a common operation is: a user initiates a perpetual contract liquidation operation through a contract on HyperEVM → the operation is written into HyperCores order book through a precompiled contract → HyperCore performs clearing and settlement.
This dual-chain design under the same consensus layer actually has potential risks: 1. Inconsistent transaction status. 2. Synchronization delay. 3. Various interaction risks such as cross-chain liquidation delay. 4. Not permissionless. For a Layer 1, decentralization takes time to settle, and we cannot force it. But its architecture seems to have a lot of potential risks.
The HLP (HyperliquidPool) vault is the core of the Hyperliquid ecosystem. Its design logic is to build a decentralized market maker fund pool by aggregating assets such as USDC from community users. This is somewhat similar to the LP in AMM, but more efficient. The bottom layer of the vault adopts a dual-track system of on-chain order book + strategy pool:
Order book mode: HLP actively places orders to provide depth, supporting professional trading functions such as limit orders and stop-loss orders;
Strategy pool mechanism: allows ordinary users to create customized liquidity strategies (such as dynamic spread adjustment), automatically execute market-making strategies through smart contracts, maintain a spread of 0.3% every 3 seconds, and ensure the flexibility of liquidity supply and maximize profits.
After users deposit assets, they will receive HLP token certificates, and the sources of income include:
Transaction fee sharing: 0.02% -0.05% transaction fee collected by the platform is distributed to liquidity providers in proportion;
Funding rate arbitrage: In perpetual contract transactions, HLP serves as a funding settlement pool for both long and short parties, capturing interest rate spreads;
Liquidation income: When a users position is liquidated, HLP, as the final counterparty, absorbs the remaining margin and forms an additional income stream.
In short, the essence of HLP is to provide users with income (similar to Cexs arbitrage strategy) and provide liquidity for perpetual contract transactions on Hyperliquid. When users go long, HLP will sell contracts to meet user needs. When users go short, HLP will buy contracts. As mentioned above, when the users position is forced to close, HLP, as the final counterparty, will absorb the remaining margin, that is, take over the position. At this time, the attacker manipulates the token price to rise, and HLP must buy back the token at a high price to close the position. According to the development trend of the JELLY incident, if the network cable is not unplugged, the explosion of the vault may come true on March 27.
To put it in laymans terms, the whale attacker is betting against a dealer with transparent cards and fixed behavioral logic, and the funds used by this dealer come from the community and all partners.
4. The road ahead is long and difficult
Perp Dex has been around for a long time, and its history is even longer than AMM. Its rise originated from the hybrid mechanism of dYdX, and it flourished from Hyperliquids comprehensive simulation of Cex. Hyperliquid has achieved the best on-chain in terms of both returns and capital efficiency, but the problem is that in the short term, it can still rely on centralized governance to maintain this grand occasion, but in the long run, how to fight against the inefficiency and fragility brought by the decentralized part?
In fact, we are not simply criticizing Hyperliquid in the above article, but also reflecting on the decentralized system, the fragmentation of liquidity, the evil caused by on-chain transparency, the inefficiency and centralization of voting governance, and the fragility under fixed logic. The road ahead for the order book Dex is still full of thorns. In this war against Cex that has lasted for several years, Hyperliquid has at least conquered the most cities and plundered the most territories. So on this basis, what should be the next step?
5. The market is always right
If we only consider correctness, I might casually say that FHE+Layer x with chain abstraction is the ultimate answer to Perp Dex, but this is obviously meaningless. Just like the ZK+On-Chain Game a few years ago, it is correct but there is no demand. These things will always disappear in the wheel of the times.
The success of DeFi is not entirely due to how decentralized it is, but through the prism of decentralization, it meets the financial needs of users that CeFi cannot meet at all.
Hyperliquid is a successful paradigm of Perp Dex at this time point. It is OK to regard this emerging product as a Dex built on a single-machine chain or a Cex with a transparent ledger. From my point of view, it is more like a mirror version of BNB Chain. BNB has achieved success through the resource advantages of the worlds first Cex. Hyperliquid has gained the worship of natives and refugees by wearing the chain robe. If it really wants to become a Buddha, the journey to obtain the scriptures must indeed go through eighty-one difficulties.
As a product that simulates Cex to the greatest extent through the chain, it has some inefficiency given by the chain. The convergence lever plus various insurance mechanisms do their best to avoid the embarrassment of unplugging the network cable, allowing it to safely overcome the difficulties in the short term.
If we extend this timeline a little, a new product may not follow the old thinking. Should the exploration of governance and various mechanisms also follow the thinking when Hyperliquid was established, with demand and efficiency first?
Reference articles:
1.Hyperliquid is being hunted again: a multi-party game of the mantis stalks the cicada, while the oriole waits behind https://www.techflowpost.com/article/detail_24591.html
2.Hyperliquid liquidation incident: Sober thinking after the leverage storm https://mp.weixin.qq.com/s/ z 9 WHrHV 5 x 32 s 6 jMNkS 2 YsQ
