Recap of the Price Manipulation in Hyperliquid

In the past 24 hours, Hyperliquid, a well-known derivatives DEX that has recently faced multiple whale attacks, has once again been exploited due to a price manipulation vulnerability involving the JELLY token. This incident not only caused a sharp decline in the total value locked (TVL) in Hyperliquid’s liquidity vault (HLP) but also raised concerns within the Web3 community regarding the exchange’s security and transparency.

Inside the Hyperliquid Price Manipulation

Background of the Case

Hyperliquid is a decentralized exchange (DEX) specializing in perpetual futures trading. It operates on its own Layer-1 blockchain, HyperEVM, designed for fast and efficient transactions.

Hyperliquidity Provider is an internal liquidity vault of Hyperliquid that acts as a market maker and handles liquidations. Users can deposit USDC into HLP to share in its profits or losses. The HLP vault on Hyperliquid is responsible for liquidity management and supporting the system in cases of forced liquidations.

$JELLY is a low-market-cap token, initially ranging from $10-20 million, being listed on Hyperliquid – newly rumored to list on CEX like Binance or OKX. Due to its small capitalization, it is susceptible to price manipulation.

JELLY Price Manipulation from The Whale

The event on March 26 began when a whale, using wallet 0xde95, opened a massive short position worth approximately $8 million on $JELLY through Hyperliquid. This position, equivalent to 126 million JELLY, was large enough to manipulate JELLY’s market price.

The whale then deliberately removed the margin, eliminating the necessary collateral to maintain the position. This triggered an automatic liquidation, forcing Hyperliquid’s HLP vault to take over the massive short position (forced liquidation).

Wallet 0xde95 aggressively pumped JELLY’s price on-chain, purchasing a large amount of $JELLY in the spot market to artificially inflate its value. Within less than an hour, JELLY’s market cap surged from $10 million to over $50 million, causing a short squeeze—forcing short positions to close at a loss. As a result, HLP incurred an unrealized loss of up to $12 million. According to analyst Abhi, if JELLY’s market cap were to reach $150 million, Hyperliquid could face complete insolvency.

Amid the chaos, a new wallet (0x20e8) opened a large long position on Hyperliquid and quickly accumulated an unrealized profit of approximately $8.2 million as $JELLY’s price surged.

Seeing the extreme volatility, centralized exchanges (CEXs) such as Binance and OKX swiftly listed perpetual futures (perps) for $JELLY, further fueling trading activity and price fluctuations.

Rumors suggest wallets 0x20E8 and 0x67f were Binance-funded, according to an investigation by ZachXBT. While unverified, Hyperliquid faces relentless attacks from whales and major CEXs.

Read more: Centralized Exchanges Intend to Destroy Hyperliquid?

Hyperliquid’s Responses Amid the Chaos

Recognizing the risk, Hyperliquid took decisive action to counter the attack and mitigate potential financial losses. The validator group held an emergency meeting and voted to delist JELLY perps, adjust JELLY’s oracle price to $0.0095 per token, and close all open positions related to $JELLY.

As a result, HLP not only avoided major losses but also secured a net profit of $700K. Hyper Foundation pledged to compensate affected users, excluding wallets involved in the manipulation. However, not everyone is happy with this resolution!

HLP Vault and Price Manipulation from DEX?

After the incident, many praised Hyperliquid for its quick and decisive actions to protect users. However, the exchange’s moves—both delisting JELLYJELLY and adjusting the oracle price to avoid losses—have raised serious questions within the crypto community about the true decentralization of this DEX.

Hyperliquid later announced on X that after detecting suspicious trading activity, the validators decided to intervene and voted to delist JELLYJELLY. The exchange defended the validators’ responsibility to intervene for system integrity but acknowledged the need for greater transparency in the voting process.

Yet, this explanation did not satisfy everyone in the community.

Furthermore, Hyperliquid’s mixed vault mechanism could be a major vulnerability, making it susceptible to well-planned, intentional manipulation by whales. The HLP vault on Hyperliquid is responsible for liquidity management and handling forced liquidations. This is the same mechanism an anonymous whale exploited a week ago by shorting BTC and longing ETH, securing millions in profits.

Gracy Chen, CEO of Bitget, compared Hyperliquid to “FTX 2.0”, criticizing its unprofessional handling of the situation and high-risk financial product design. She argued that the mixed vault structure puts users at a disadvantage, compounded by the lack of KYC/AML compliance, raising serious regulatory concerns.

The total value of the HLP fund has plummeted from $283 million before the attack to $190 million at the time of writing. Meanwhile, Hyperliquid’s HYPE token HYPE is down 6%, as the shorting of JELLYJELLY inflicted significant losses on the project.

After Hyperliquid delisted JELLY from its platform to avoid losses, the community has grown increasingly skeptical about the decentralization of a DEX. This has severely damaged user trust and presents a significant challenge for the project’s builders—balancing true decentralization while preventing manipulative incidents like the recent one. This serves as a harsh lesson for Hyperliquid, highlighting the risks of listing an illiquid token that can have its supply controlled through decentralized exchanges.