Author: YBB Capital Researcher Zeke

1. A Feast for Crows

On March 26, the high-profile Dex project Hyperliquid was attacked again. It is the fourth major security incident to hit Hyperliquid since its TGE in November last year, and the most serious crisis the project has faced since it was founded. The attack path follows the same method as the earlier 50x long ETH whale, but this time the attack was more precise and more ferocious, like a feast for crows at the Dex's expense.

Replay of Hyperliquid Black Wednesday: Demand is the starting point, and correctness is the end point

JELLY, the token at the center of the storm alongside Hyperliquid, is a "past its prime" low-liquidity meme token on Solana. Its market value was only $10 million before the attack began. The lack of depth, combined with the 50x leverage the platform had launched for it at its peak, made JELLY the best "explosive" for breaking into the Hyperliquid vault. At nine o'clock that night, the attacker deposited 3.5 million USDC in margin on the platform and opened a JELLY short position worth $4.08 million (opening price $0.0095), with leverage at the platform's upper limit. At the same time, a whale address holding 126 million JELLY began selling in the spot market, causing the token price to plummet and putting the short position into floating profit.

The key turning point was the margin withdrawal: the attacker quickly withdrew 2.76 million USDC, leaving the remaining short position with insufficient margin and triggering Hyperliquid's automatic liquidation mechanism. The platform's insurance vault HLP (composed of funds pledged by users) was forced to take over a short position of 398 million JELLY. The attacker then reversed direction and bought JELLY in large quantities within 1 hour. The price of JELLY soared several times over to US$0.034, and HLP's floating loss exceeded US$10.5 million. Had the price of JELLY continued to rise above US$0.16, HLP's US$240 million would have been at risk of going to zero.

When Hyperliquid got into trouble, the crows smelled rotten meat. Centralized exchanges such as Binance and OKX intervened quickly. Both platforms announced the launch of JELLY perpetual contracts within an hour of the attack, and they are suspected of using the liquidity depth and influence of centralized exchanges to keep pushing up the token price and further widen HLP's loss. The market has raised doubts about these two platforms, but the more interesting part was yet to come.

The Hyperliquid Validator Committee voted to delist the JELLY perpetual contract 26 minutes before Binance officially launched its perpetual contract. The final closing price was the attacker's opening price (less than one-third of the market price at the time), and HLP made a profit of $700,000. Faced with a dilemma, Hyperliquid chose to take a step back and tore off the "fig leaf" of decentralization itself.

2. Binance on the chain?

As the leading protocol in the on-chain perpetual contract track, Hyperliquid has a trading volume equal to 9% of Binance's global contract trading volume, far ahead of other Dex platforms. By contrast, other Dex platforms (such as Jupiter and dYdX) account for only about 5% of Binance's contract trading volume, which is why Hyperliquid is also known as "Binance on the chain".

However, this Dex project, founded after the collapse of FTX, seems far less lucky than Binance, and has had an even more tortuous journey than SBF. Since its TGE it has suffered a major attack almost every month, leaving Hyperliquid constantly hanging by a thread. Let's review these security incidents:

1. December 2024: Potential threat from North Korean hackers (attempted attack)

Event details: Security researchers discovered that multiple addresses flagged as belonging to North Korean hackers had conducted test trades on Hyperliquid, with cumulative losses of more than $700,000. These addresses probed the system for vulnerabilities through repeated transactions, possibly in preparation for subsequent attacks.

Risks: closed source code, an opaque multi-signature mechanism, and a lack of openness and review.

2. January 2025: ETH whale high leverage attack

The incident: A user used 50x leverage to open a long ETH position worth $300 million. After reaching a floating profit of $8 million, he suddenly withdrew most of the margin, which pushed the liquidation price up. In the end, HLP was forced to take over the position and lost about $4 million.

Risks: problems with the margin mechanism and the HLP mechanism.

3. March 12, 2025: Second attack by ETH whale

What happened: The attacker once again used high leverage on the ETH contract, causing further losses to the HLP vault.

Countermeasures: On March 15, the network was upgraded as an emergency measure and the margin transfer rules were adjusted (the margin ratio was set to 20%).

4. March 26, 2025: The JELLY Incident

Events: As described above.

Risks: The centralization problem caused by the limited number of validators, and the problems with the HLP mechanism, were further amplified under the siege by Cex.

In last year's article, I summarized some of the shortcomings of UNI. Humanity is unlikely to ever have a completely decentralized Dex project, for several reasons:

1. A successful Dex project must rely on a team that is a real entity. The important development decisions of the project are often controlled entirely by that team rather than by the community (such as UNI's front-end fees and the launch of UniChain, without a community vote).

2. Governance voting cannot achieve complete decentralization. Projects with financing can be influenced by the lead investor, while successful projects without financing are even more centralized in decision-making and revenue (such as Pump.fun). The crux is the Sybil problem, but solving it violates the bottom line of decentralization.

3. No one is willing to give up their voice and interests. Among the well-known leaders of the blockchain world, even the most laid-back of them, Vitalik, cannot become the next Satoshi Nakamoto.

4. Dex projects will undoubtedly develop towards capital efficiency. For AMM alone, development means taking on the risks brought by complexity and by greater centralization. We already discussed the issue of complexity in the article about UNI. UniChain is on the road to a more centralized "American Alliance" (Optimism Superchain), moving towards a more efficient but also more fragile system.

Now, in light of the security incidents above, let's turn to Hyperliquid, which we did not cover last year. Considering that blockchains currently focus only on value circulation and that a large amount of infrastructure sits abandoned, Perp Dex should be the product most capable of taking over idle block space. However, as Hyperliquid shows, the full-chain Perp Dex still has many problems:

1. For such projects, from the perspective of user choice alone, capital efficiency and project background > decentralization. (Given the status of Cex, this is also an inevitable stage.)

2. Perp Dex is not a black box, but a casino where everyone wears see-through glasses. When funds can be leveraged 50 times, how can algorithms and mechanisms defeat gamblers with see-through glasses?

3. No financing is indeed a good narrative, and high performance is also a good narrative. But in practice these are also features of projects with more centralized decision-making. After the security incident broke out, AMM had to admit defeat. Hyperliquid is more like a centralized exchange controlled by a few people, whose only advantages are that it is more transparent and does not require KYC.

4. In the absence of a dynamic risk control mechanism, should high-risk assets be treated strictly differently from mainstream assets? Should large withdrawals of unrealized profits trigger risk control?

5. Will Hyperliquid eventually become the "FTX 2.0" that Bitget's CEO calls it?

3. Hyperliquid’s internal problems

Let's expand on the fifth question above. From the perspective of liquidity, although Hyperliquid is a leader among Dex, its whale deposits may account for nearly 20% of the platform's TVL under normal circumstances. This means that if a similar incident occurs again on a larger scale, it may trigger a large number of whales to flee, and Hyperliquid would instantly fall into the dead end of liquidity depletion. At that point, all that can be done is to unplug the network cable again, so the depth and composition of liquidity are crucial for a Perp Dex. Although Hyperliquid can today compete directly with second-tier Cex, it is obvious that, in the absence of dynamic leverage restrictions, its on-chain liquidity is not enough to support this fixed ultra-high leverage.

From the perspective of architecture, Hyperliquid is a Dex with its own Layer1. The composition of the chain as a whole is quite innovative but not complicated. In simple terms, it is an EVM plus a matching engine; in the words of the official technical documentation, HyperEVM + HyperCore. Hyperliquid L1 is not a separate chain, but is protected by the same HyperBFT consensus as HyperCore. This allows the EVM to interact directly with HyperCore, for example with its spot and perpetual contract (Perp) markets.

We may need to explain HyperCore in detail here:

As mentioned above, HyperCore is equivalent to the matching engine of a centralized exchange. It shares the same consensus layer (HyperBFT) with HyperEVM, so the two are not independent chains, but different execution environments in the same blockchain network. Artela, a public chain from Alibaba, actually has a similar idea. HyperCore is positioned to run the core business logic of the exchange (such as order book matching, derivatives clearing, and asset custody). Its underlying layer is based on RustVM (a virtual machine optimized for high-frequency trading) and adopts a permissioned design: it only supports officially recognized functions (such as USDC assets and tokens generated through the HIP-1 protocol). Collaboration with HyperEVM is achieved through precompiled contracts. A common operation, for example, is: a user initiates a perpetual contract liquidation operation through a contract on HyperEVM → the operation is written into HyperCore's order book through a precompiled contract → HyperCore performs clearing and settlement.

This dual-chain design under the same consensus layer carries potential risks: 1. Inconsistent transaction status. 2. Synchronization delay. 3. Various interaction risks such as cross-chain liquidation delay. 4. It is not permissionless. For a Layer 1, decentralization takes time to settle in, and we cannot force it. But its architecture does seem to carry many potential risks.

The HLP (HyperliquidPool) vault is the core of the Hyperliquid ecosystem. Its design logic is to build a decentralized market-maker fund pool by aggregating community users' USDC and other assets. This is somewhat similar to the LP in an AMM, but more efficient. The bottom layer of the vault adopts an "on-chain order book + strategy pool" dual-track system:

  • Order book mode: HLP actively places orders to provide depth, supporting professional trading functions such as limit orders and stop-loss orders;

  • Strategy pool mechanism: allows ordinary users to create customized liquidity strategies (such as dynamic spread adjustment) that execute market-making automatically through smart contracts, maintaining a spread of 0.3% every 3 seconds, to keep liquidity supply flexible and maximize profits.

After depositing assets, users receive HLP token certificates. The sources of income include:

  • Transaction fee sharing: The 0.02%-0.05% transaction fee collected by the platform is distributed to liquidity providers in proportion;

  • Funding rate arbitrage: In perpetual contract transactions, HLP serves as a funding settlement pool for both long and short parties, capturing interest rate spreads;

  • Liquidation income: When a user's position is liquidated, HLP, as the final counterparty, absorbs the remaining margin and forms an additional income stream.

In short, the essence of HLP is to provide users with income (similar to a Cex's arbitrage strategy) and to provide liquidity for perpetual contract trading on Hyperliquid. When users go long, HLP sells contracts to meet their demand. When users go short, HLP buys contracts. As mentioned above, when a user's position is forcibly closed, HLP, as the final counterparty, absorbs the remaining margin, that is, it takes over the position. If the attacker then manipulates the token price upward, HLP must buy back the token at a high price to close the position. On the trajectory the JELLY incident was following, had the network cable not been unplugged, the vault could have blown up on March 27.

To put it in layman's terms, the whale attacker is betting against a dealer who plays with its cards face up and follows fixed behavioral logic, and the funds this dealer uses come from the community and all partners.
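
The withdrawal check raised in the risk-control question earlier and HLP's exposure as the final counterparty can be put into numbers. The Python below is an added example, not code from the article or from Hyperliquid: it assumes a simplified margin model for a short position, takes the 20% margin ratio from the March 15 rule change mentioned above, and introduces a hypothetical `gain_haircut` parameter and constructed round-number inputs rather than the incident's actual figures.

```python
"""Added illustration: a simplified margin model, not Hyperliquid's risk engine."""
from dataclasses import dataclass

MIN_RATIO = 0.20  # post-transfer margin ratio the article cites for March 15


@dataclass
class ShortPosition:
    size: float    # tokens sold short
    entry: float   # entry price, USD
    margin: float  # USDC collateral posted

    def pnl(self, mark: float) -> float:
        # A short gains when the mark price falls below the entry price.
        return (self.entry - mark) * self.size

    def equity(self, mark: float, gain_haircut: float = 0.0) -> float:
        # gain_haircut (hypothetical knob): share of unrealized gains ignored,
        # so a briefly depressed mark price cannot fund a withdrawal.
        p = self.pnl(mark)
        return self.margin + (p if p < 0 else p * (1.0 - gain_haircut))


def max_withdrawable(pos, mark, min_ratio=MIN_RATIO, gain_haircut=0.0):
    """Largest withdrawal that keeps equity >= min_ratio * notional."""
    required = min_ratio * pos.size * mark
    return max(0.0, pos.equity(mark, gain_haircut) - required)


def withdrawal_allowed(pos, mark, amount, min_ratio=MIN_RATIO, gain_haircut=0.0):
    """Risk check to run before releasing collateral from an open position."""
    return 0 < amount <= max_withdrawable(pos, mark, min_ratio, gain_haircut)


def backstop_pnl(size, takeover_price, mark):
    """Mark-to-market PnL of a vault that inherited a short at takeover_price."""
    return (takeover_price - mark) * size


# Constructed sample (round numbers, not the incident's actual figures).
SAMPLE = ShortPosition(size=400_000_000, entry=0.010, margin=3_500_000)

if __name__ == "__main__":
    print(withdrawal_allowed(SAMPLE, 0.010, 2_760_000))   # check at entry price
    print(max_withdrawable(SAMPLE, 0.008))                # gains counted in full
    print(max_withdrawable(SAMPLE, 0.008, gain_haircut=1.0))
    print(backstop_pnl(SAMPLE.size, SAMPLE.entry, 0.034))
```

With these constructed inputs, a 2.76 million withdrawal at the entry price is rejected because only 2.7 million can leave while keeping the 20% ratio. A drop in the mark price to 0.008 raises the withdrawable amount to 3.66 million when unrealized gains count in full, and to 2.86 million when they are ignored.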

4. The road ahead is long and difficult

Perp Dex has been around for a long time, and its history is even longer than that of AMM. Its rise began with the hybrid mechanism of dYdX, and it flourished with Hyperliquid's comprehensive simulation of Cex. Hyperliquid has achieved the best results on-chain in terms of both returns and capital efficiency. The problem is that, while this success can still be maintained in the short term by relying on centralized governance, how can it fight in the long run against the inefficiency and fragility brought by its decentralized part?

In the sections above, we are not simply criticizing Hyperliquid, but also reflecting on decentralized systems, the fragmentation of liquidity, the harm made possible by on-chain transparency, the inefficiency and centralization of voting governance, and fragility under fixed logic. The road ahead for order book Dex is still full of thorns. In this war against Cex that has lasted for several years, Hyperliquid has at least conquered the most cities and territory. On that basis, what should the next step be?

5. The market is always right

If we only consider correctness, I might casually say that FHE + Layer x with chain abstraction is the ultimate answer to Perp Dex, but this is obviously meaningless. Just like ZK + on-chain games a few years ago, it is correct but there is no demand. Such things always disappear under the wheel of the times.

The success of DeFi is not entirely due to how decentralized it is; rather, through the prism of decentralization, it meets financial needs of users that CeFi cannot meet at all.

Hyperliquid is a successful paradigm of Perp Dex at this point in time. It is fine to regard this emerging product either as a Dex built on a single-machine chain or as a Cex with a transparent ledger. From my point of view, it is more like a mirror image of BNB Chain. BNB achieved success through the resource advantage of the world's top Cex. Hyperliquid has won the worship of crypto natives and refugees by wearing the robe of the "chain". If it really wants to become a Buddha, the journey to obtain the scriptures must indeed pass through eighty-one difficulties.

As a product that simulates Cex on-chain to the greatest extent possible, it carries some of the inefficiency that the chain imposes. Reining in leverage, together with various insurance mechanisms, does as much as possible to avoid the embarrassment of unplugging the network cable, allowing it to get through its difficulties safely in the short term.

If we extend the timeline a little, a new product may not follow this established thinking. Should the exploration of governance and of the various mechanisms also follow the thinking Hyperliquid had when it was established, with demand and efficiency first?
