On March 26, 2025, a trader orchestrated a sophisticated manipulation of the Jelly-my-Jelly (JELLY) token on the Hyperliquid decentralized exchange (DEX), resulting in a $13.5 million loss for the Hyperliquid Vault (HLP).
Exploit Mechanics:
- Account Setup: The trader utilized three Hyperliquid accounts, depositing approximately $7 million within minutes.
- Positioning: Two accounts established long positions of $2.15 million and $1.9 million in JELLY, while the third took a $4.1 million short position.
- Manipulation: By removing margin from the short position, the trader forced it into the HLP. Subsequently, aggressive buying inflated JELLY’s price, leading to significant vault losses due to the token’s low market capitalization and liquidity.
Hyperliquid’s Response:
To mitigate further damage, Hyperliquid’s validators voted to delist JELLY perpetual contracts and settled positions at $0.095. The Hyper Foundation committed to reimbursing affected users, excluding those linked to the exploit.
Community Reaction:
The incident sparked debates about Hyperliquid’s decentralization and market integrity. Critics questioned the platform’s centralized intervention capabilities and the effectiveness of its risk management strategies.
Conclusion:
The JELLY exploit highlights vulnerabilities in DEX platforms, especially concerning low-liquidity tokens. It underscores the need for robust risk management and transparent governance to maintain user trust and platform integrity.
