Hyperliquid: Resilience in the making, or a ticking time bomb?
Hyperliquid is a DEX built on its own Layer-1 blockchain, offering traders low fees, fast transactions, and advanced trading tools like perpetual derivatives. Hyperliquid was designed to function with the best features of decentralised exchanges while offering users an experience similar to centralised exchanges like Binance and Coinbase.
The exchange is backed by novel technology and is fundamentally a true innovation for the crypto space, which has helped it to grow rapidly, boasting billions in cumulative trading volume. But beneath popularity and protocol speed, recent events have slowly revealed structural issues, questionable decentralization, and a pattern of vulnerabilities that demand closer scrutiny.
Let’s start with the JELLY incident, not the first one, but it was the one that put Hyperliquid in the spotlight and triggered real structural changes.
The crash course
Jelly-my-Jelly ($jellyjelly) is a Solana meme-coin that was launched by Venmo co-founder Iqram Magdon-Ismail as part of the jellyjelly Web3 social media project where users can post clips quickly from a video chat.
On March 26, 2025, $jellyjelly and @HyperliquidX made headlines when a trader exploited the Jelly-my-Jelly (jellyjelly) token market on the Hyperliquid exchange, causing significant financial turmoil.
Source: DexScreener
The attempt
A short squeeze is a market phenomenon that occurs when a heavily shorted asset experiences a sharp rise in price, forcing traders who shorted to close out their positions.
It started when a massive $jellyjelly whale dumped the $jellyjelly on-chain, crashing the price to a mere $0.008. The exploiter then opened and funded accounts on Hyperliquid, depositing $7M into three separate accounts.
A $4.1M short position for $jellyjelly perpetual was first opened. The whale then removed his margin to force Hyperliquid’s built in market-making protocol (HLP) to take over the $4.5M short position. Once the HLP was triggered, he opened two long positions; a $2.15M and $1.9M, while buying large sums of $jellyjelly on-chain to drive the price back up, pumping it over $0.05. This caused HLP to suffer a loss of nearly $12M, while the exploiter gained a minimum of $6.26M.
ZachXBT, the favourite on-chain sleuth of the masses, was quick to find that the two Hyperliquid accounts involved in the $jellyjelly price manipulation had connections to big CEXs such as OKX, MEXC, ByBit, and Binance as the accounts received funding from the said exchanges prior to the incident. Adding more fuel to the fire, Binance and OKX both announced on the same day of the manipulation that it would be listing $jellyjelly perpetuals as well.
The response
Hyperliquid delisted $jellyjelly perpetual futures, closing the $4.1M short position and initiated plans to reimburse most affected users except for the accounts involved in the exploitation through the Hyper Foundation.
The DEX miraculously made $700K USDC out of the incident. The incident drew criticism from industry observers who questioned Hyperliquid's approach of handling the situation overall raising concerns of market integrity.
In March alone, Hyperliquid garnered an app revenue of $38.19M. Prior to the scandal, Hyperliquid’s $1.09B assets also ranked the DEX 14th in terms of largest global assets surpassing that of MEXC, a centralized exchange.
Are big Centralised Exchanges threatened by Hyperliquid’s quick rise to fame? Are Binance, OKX, MEXC, and ByBit working together to sabotage the new kid on the block Hyperliquid? Many within the crypto community believe that this attack could be a coordinated attack by major CEXs.
The incident between $jellyjelly and Hyperliquid has brought to light once again the vulnerabilities that exist in the industry; encouraging De-Fi platforms to improve risk management without compromising their integrity, and traders to mitigate risks in future volatile markets.
While the Hyperliquid team has received praises for “dodging an unrecoverable bullet”, their act of delisting $jellyjelly was criticized for revealing the concerning back end of decentralised exchanges. To others the delisting has been justified as risks have been well mitigated at a larger picture. The claims of being censorship resistant or permissionless finance may just be a mask worn by a contemporary centralised system.
However, JELLY was not the first sign of stress, the JELLY event serves as the most recent case of how easily Hyperliquid’s internal mechanics can be manipulated, but it was only the trigger event.
A Pattern of Exploit Attempts
Ever since October of 2024, on-chain analysts were able to link $794K in trading losses on Hyperliquid to wallets associated with North Korea. According to @tayvano_ and Lookonchain, the wallets used stolen ETH to open leveraged long positions, only to be liquidated within two days. Hyperliquid denied any breach or exploit, but the activity raised suspicions.
Some people saw it as an isolated misuse. Others interpreted it as potential probing attacks from state-linked actors testing how easily the platform could be gamed. Either way, it’s probably the first stress test on the protocol, and it has been going on for months.
Source: @tayvano_ on X
Before the JELLY incident on March 26, 2025, Hyperliquid faced a similar controversy involving a large Ethereum (ETH) position worth ~$335.6M that caused significant losses for its Hyperliquidity Provider (HLP) vault. This earlier event, occurring around March 12, 2025, involved a whale trader leveraging a massive ETH long position, which some speculated was an attempt to exploit or destabilize the platform.
Hyperliquid confirmed it was a “user” and not an exploit, however, this event raised concerns about Hyperliquid’s risk management and liquidation mechanisms. The large liquidation size overwhelmed the HLP vault, which is designed to diffuse losses among vault participants
Hyperliquid’s Long-Term Solution and Patching
While Hyperliquid was quick to contain the immediate effects of the JELLY exploit, they introduced more robust protection mechanisms shortly afterward. The team introduced structural updates to the protocol, specifically targeting the mechanics that allowed the exploit to cause such outsized damage to the HLP (Hyperliquidity Provider), Hyperliquid’s proprietary market making and liquidation vault.
The most important change was introducing a cap for HLP’s liquidator component, meaning it can no longer overexpose itself to backstop liquidations. During the JELLY event, HLP used its full collateral to absorb losses, leading to nearly $12M in damage. With the new changes, those losses would’ve been limited to the low six figures, lower than the attacker’s cost to manipulate the market. Hyperliquid also made emphasis on its liquidation hierarchy: liquidations first go to the market as regular orders, then to HLP for backstopping, and only as a last resort trigger ADL (auto-deleveraging). Actually, they also adjusted ADL mechanics to better target attacker-sided positions in manipulation attempts.
While these changes demonstrate responsiveness and risk awareness, they also reveal something deeper: that the system wasn’t as robust as many assumed. The platform may not have been at solvency risk, but the fact that a core liquidity engine needed patching after this event raises legitimate questions about the maturity of the protocol’s risk management.
Although Hyperliquid has made some updates to their model and have clarified some of the biggest concerns, the main one has not been mentioned. Centralized validator setup was ignored while they made changes. They also introduced a fully on-chain, stake-based voting system for asset delisting, that allows validators to vote on delisting decisions, which are executed automatically upon reaching a quorum. However, this means nothing if the protocol is centralized…
A Bigger Concern: Centralization
Despite branding itself as a decentralized exchange, Hyperliquid’s current validator setup tells a different story. The platform runs with only 16 validators, all handpicked based on testnet performance. More concerning is that 78.99% of all staked $HYPE (331.9M out of 420.2M) is controlled by foundation nodes.
So while governance features, like their newly introduced on-chain asset delisting vote, might appear decentralized, they’re largely performative. If one entity controls nearly 80% of the vote, decentralization becomes an illusion, not a safety mechanism. Hyperliquid’s validator distribution is not just a detail, it’s a governance vector, and currently, it’s centralized by design.
What’s your next move, Hyperliquid?
Hyperliquid established a name for itself thanks to its speed, innovation and trustless trading. But for the concept of trustless-ness to work, users must believe the system cannot be changed on just a whim, and now that belief is being tested against Hyperliquid’s immediate action against the $jellyjelly whale.
That said, traders among the industry praised Hyperliquid’s move as a protocol defense and appreciated the platform's attempt to protect the community at a grander scale. While others saw the move as simply a red flag. An indication that means no matter the front end, the back end can still be overruled by humans pulling levers. Whether it’s the ETH whale, DPRK-linked wallets, or the JELLY attacker, these events point to more than coincidences, they suggest that Hyperliquid’s internal systems, from HLP risk controls to validator governance, were underbuilt for the scale it is operating at.
Hyperliquid’s responses so far do show resilience, but centralization shows bigger concerns. If the foundation for the exchange remains centralized, and they keep relying on reactive fixes to their issues, Hyperliquid may not be building resilience, but just passively waiting for every next systemic test.
Sources
https://x.com/zachxbt/status/1904902102079410337
https://x.com/HyperliquidX/status/1904923137684496784
https://x.com/lookonchain/status/1904902828319269068
https://finance.yahoo.com/news/hyperliquid-whale-retains-10-jelly-005913886.html
https://defillama.com/chain/hyperliquid-l1?groupBy=monthly&appRevenue=false&tvl=false&volume=true&perps=t