The recent $10.63 million exploit involving Hyperliquid’s JELLY token is prompting renewed scrutiny of systemic vulnerabilities within the DeFi space. Experts warn the incident could be indicative of broader risks that may affect other decentralized finance protocols.
Dr. Jan Philipp Fritsche, Managing Director at Oak Security, told crypto.news that the issue was not rooted in a smart contract bug but in a flawed protocol design—one that exposed Hyperliquid to preventable market manipulation.
How the Exploit Played Out
The attacker initiated a $5 million short position on JELLY, then withdrew their margin—leaving the position fully exposed. This triggered a short squeeze, as other traders took advantage of the protocol’s uncovered risk. Ultimately, Hyperliquid was forced to absorb the losses while the attacker pocketed millions.
“This was a textbook example of unpriced vega risk,” Fritsche explained, referring to the protocol’s failure to account for volatility in derivative payouts.
Since payouts were uncapped and risks weren’t compartmentalized, Hyperliquid bore the full brunt of the loss—a vulnerability Fritsche says is still prevalent across many DeFi platforms.
Industry Reaction: A Cautionary Tale
Bitget CEO Gracy Chen condemned the exploit and criticized Hyperliquid’s handling of risk, calling the platform’s practices “immature and unprofessional.” She even likened the situation to “FTX 2.0”, warning that without immediate structural changes, similar collapses could occur.
Although Hyperliquid has committed to compensating affected users, the exploit has cast doubt on its long-term credibility—and reignited concern over the robustness of DeFi infrastructure.
DeFi Security Woes Widen in 2025
The JELLY exploit is the latest in a troubling pattern. According to 2024 data, DeFi exploits accounted for over $308.7 million in losses—outpacing rug pulls, which caused $192.9 million in damage.
Just days later, another DeFi project, SIR.trading, was drained of its entire $355,000 TVL, highlighting the sector’s ongoing security challenges.
As the DeFi ecosystem grows, experts say design-level risk management—not just code audits—must become a top priority.
