Original Article Title: "Hyperliquid Under Siege Again: A Multi-party Game of 'Praying Mantis Hunts the Cicada, But the Oriole is Behind'"

Original Source: DeepTech TechFlow

On the night of March 26, the treasury of the decentralized exchange platform Hyperliquid faced a liquidation risk of up to $240 million due to price manipulation of the memecoin $JELLYJELLY.

Prior to this, a 50x leverage whale on Hyperliquid had previously detonated its own long position through a similar tactic, putting the Hyperliquid treasury at risk of loss.

(See "50x Leverage Whale on Hyperliquid" Fully Closed, 16 Million ETH Long Position "Actively Liquidated")

This recent attack in the evening not only exposed the vulnerability of DeFi/DEX platforms in high-leverage trading but also became more complex due to centralized exchange (CEX) "active assistance" — resembling more of a scenario where the praying mantis hunts the cicada, but the oriole is behind:

The attacker aimed to profit through price manipulation, while the CEX sought to attract users and traffic by listing popular tokens, indirectly undermining the fund security and reputation of their DEX competitors.

If you are not familiar with Hyperliquid and the attack incident, we have also collected summaries and analyses from various parties, attempting to review the full event, explain the attack principle in layman's terms, and discuss the motives of all parties.

Event Timeline: From Short Position to Treasury Crisis

Firstly, you need to know what Hyperliquid is.

Hyperliquid is a decentralized exchange platform based on its own Layer 1 blockchain, offering perpetual contract trading, aiming to combine the advantages of centralized and decentralized exchanges.

Its treasury, HLP, is a community-owned protocol treasury responsible for market-making and liquidation, allowing users to deposit to share profits and losses. According to Vaults | Hyperliquid Docs, HLP deposits have a 4-day lockup period to support platform liquidity.

So, what was the entire process of the attack on the HLP treasury like?

(Image Source: Aiyi's Twitter Post)

· Opening a Short Position: According to AI Mama, an attacker opened a $4.08 million short position for $JELLYJELLY on Hyperliquid using the address 0xde9...f5c91. The position was opened at $0.0095 with a $3.5 million USDC collateral.

· Price Manipulation to Trigger Liquidation: Another address (e.g., Hc8gN...WRcwq) coordinated a spot sell-off of $JELLYJELLY, suppressing the spot price to make the short position appear profitable. The attacker then withdrew $2.76 million USDC collateral, triggering the liquidation and causing the treasury to take over the position.

· Price Pump to Amplify Losses: After the liquidation, the attacker orchestrated two intense buy waves of $JELLYJELLY at 21:01 and 21:45, pumping the price. According to CoinGecko data, the price surged by 230% in a short period, intensifying the treasury's short position losses.

· Centralized Exchange (CEX) Intervention: As long as JELLYJELLY continued its rise, the short position losses would further escalate. At this point, Binance and OKX launched $JELLYJELLY perpetual contracts, attracting significant trading volume, causing the price to surge further and worsening the treasury losses.

· Treasury Faces Run-Off Risk: As of March 27, 2025, the treasury's unrealized losses amounted to $10.63 million, with a TVL reduction of approximately $20 million. The latest TVL stood at $231 million (Hyperliquid dashboard). If $JELLYJELLY's price reaches $0.17, the treasury might face liquidation, resulting in a $240 million loss.

· Hyperliquid Delists JELLYJELLY Without Incurring Losses: Subsequently, Hyperliquid liquidated 3.92 billion JELLY tokens (equivalent to around $3.72 million) from its treasury at the price of $0.0095, yielding a profit of $703,000 with no losses incurred. Additionally, upon discovering evidence of suspicious market activity, the validator set held a meeting and voted to delist the JELLY perpetual contract, with all users being fully compensated by the Hyper Foundation.

Price Manipulation and the "Assist" Effect of CEX

If you're feeling a bit confused, consider understanding the concept of shorting in combination with spot trading, as well as the role of CEX assistance.

Shorting involves an investor borrowing an asset to sell, with the expectation of buying back at a lower price after the price drops to repay the loan and make a profit.

For example: Assuming the price of $JELLYJELLY is $0.10, an attacker borrows 1 million tokens and sells them, receiving $100,000. If the price drops to $0.05, they buy back at $50,000 to repay, making a $50,000 profit. However, if the price rises to $0.15, they would need $150,000 to buy back, resulting in a $50,000 loss.

Hyperliquid Liquidation Mechanism

At Hyperliquid, when a trader's margin is insufficient to cover potential losses, their position is liquidated. According to Liquidations | Hyperliquid Docs, the liquidation uses a mark price (a combination of external CEX price and Hyperliquid order book status) to ensure a more robust liquidation. After liquidation, the HLP Treasury takes over the position and assumes the subsequent risk.

Now, let's revisit the earlier sections on shorting and spot buying:

· Attacker's logic: Manipulate Price -- Trigger Liquidation -- Create Loss

The attacker opens a short position on $JELLYJELLY at $0.0095, simultaneously selling spot to drive the price down, making the short position appear profitable.

The reason this manipulation is so easy is because the attacker's target is the meme coin $Jellyjelly, which has a deep order book gap, making price manipulation much easier.

The attacker withdraws most of the collateral (e.g., 2.76 million USDC), rendering the short position unsustainable, triggering the liquidation mechanism where Hyperliquid's Treasury has to take over this short position.

The key is that the attacker then buys $JELLYJELLY, pushing the price up to $0.16, forcing the Treasury to buy back $JELLYJELLY at a higher price to close the position, resulting in a larger loss.

CEX Assistance Principle

By listing a perpetual contract for $JELLYJELLY on the CEX, a clear "assistance" effect is observed.

With its large user base and trading volume, once the CEX lists the perpetual contract for $JELLYJELLY, it attracts a large number of speculators. This significantly drives up the price of $JELLYJELLY, further exacerbating the Treasury's short position losses.

You can also see from the reply below that the intent of the CEX to intervene proactively is also very clear.

Subsequent Impact

Although Hyperliquid promptly took action to delist the $JELLYJELLY perpetual contract, causing no actual loss to the treasury, this incident exposed the vulnerability of DeFi platforms when facing high-leverage trading and price manipulation.

More importantly, this event has sparked widespread community questioning of Hyperliquid's liquidation mechanism and decision-making transparency. Users are concerned about whether the platform can continue to maintain fund security in similar future events, while also questioning whether the platform truly achieves decentralized governance.

One post mentioned that the TOP10 deposit address provides 15.9% of the funds, and if a whale withdraws funds, it will accelerate a vicious cycle, forming a "bank run."

Although no fund loss occurred, reputational damage may have already begun to surface.

Is Hyperliquid really a DEX? If so, why could it easily delist the token? Is governance power concentrated in the hands of a few?

These community doubts reflect DeFi users' concerns about platform governance transparency and community participation while also posing a new challenge to Hyperliquid: how to balance decentralization and efficiency while maintaining fund security.

As a DeFi platform, Hyperliquid relies on the community treasury and liquidation mechanism, but in the face of the massive trading volume and market influence of CEX, it appears fragile. CEX can quickly attract funds and influence prices by listing popular tokens, while DeFi platforms may face crises due to insufficient liquidity and price manipulation.

The Mantis Stalks the Cicada, But the Oriole is Watching

This is a complex game where each participant holds different motivations, trying to take the lead in this price manipulation game.

Attacker: Profit-Driven Price Manipulator

The attacker's goal is to profit from price manipulation. The Ai Yee post shows that the manipulating address holds 124 million $JELLYJELLY tokens (worth $4.86 million), possibly employing a pump-and-dump strategy after the surge. They may be imitating the earlier 50x leveraged whale operation, taking advantage of the price volatility of a low liquidity memecoin.

Hyperliquid: Safeguarding Users and the Platform

Hyperliquid strives to protect user funds and platform stability. A community post mentioned the platform may adjust the BTC and ETH leverage ratios to mitigate such risks. Future efforts may include increasing margin requirements or enhancing the liquidation mechanism to safeguard HLP community funds.

CEX: "Precision Strike" in Competition

The rapid response and listing actions of CEX are not just business decisions but likely also driven by competitive considerations.

By promptly listing the $JELLYJELLY perpetual contract, CEX attracted a large number of speculators into the market, driving up the token price and indirectly exacerbating the loss risk of Hyperliquid's treasury.

This precise market intervention, seemingly for profit pursuit, could actually be a "precision strike" — by amplifying Hyperliquid's liquidation crisis, weakening its position as a DeFi platform in the market competition.

From the above motivations, it can be seen that attackers do not always have the upper hand. CEX's market strategy to some extent leveraged the attacker's actions, further magnifying its market influence. The roles of hunter and prey constantly shift in this multi-layered game, ultimately forming a complex network of interests.

For Hyperliquid, this is not only a fund security crisis but also a test of trust.

After all, this is not the first time something like this has happened. Previously, the 50x leverage kingpin also exploited the Hyperliquid mechanism to "forcefully close a long position of 160,000 ETH" and withdrew profits of $1.857 million...

Whether such attacks will occur again is unpredictable, but in this incident, what is evident is:

There still exists a gap between the ideal of decentralization and reality, and behind more efficient transactions lies a more cutthroat game.

Original Article Link

Welcome to join the official BlockBeats community:

Telegram Subscription Group: https://t.me/theblockbeats

Telegram Discussion Group: https://t.me/BlockBeats_App

Official Twitter Account: https://twitter.com/BlockBeatsAsia