In March 2025, a trader exploited Hyperliquid, one of the largest decentralized perpetuals exchanges, through a coordinated manipulation of the JELLYJELLY memecoin. The incident caused $13.5 million in unrealized losses for the platform’s liquidity pool and triggered a controversial emergency response that raised fundamental questions about decentralization.

This was not a hack. It was a strategic manipulation of exchange mechanics by a single well-funded participant, and it exposed structural vulnerabilities that exist across the DeFi derivatives landscape.

What Is Hyperliquid

Hyperliquid is a decentralized exchange (DEX) focused on perpetual futures trading. It operates on its own Layer 1 blockchain and was one of the fastest-growing DeFi platforms heading into 2025.

Key features:

• on-chain perpetual futures with up to 50x leverage
• a Hyper Liquidity Provider (HLP) pool that acts as the counterparty to trades
• a validator-based governance model
• no centralized order book — the platform’s liquidity pool absorbs the other side of user positions

The HLP pool is critical: it is community-funded liquidity that takes the opposite side of trades. When the pool loses money, liquidity providers lose money.

What Happened: The JELLY Exploit

The Setup

The JELLYJELLY token was a low-liquidity Solana memecoin created in January 2025 by Venmo co-founder Iqram Magdon-Ismail via the pump.fun launchpad.

On March 26, 2025, a whale deposited $7 million across three separate Hyperliquid accounts:

• Account 1: $2.15 million long position on JELLY perpetuals
• Account 2: $1.9 million long position on JELLY perpetuals
• Account 3: $4.1 million short position on JELLY perpetuals

The long and short positions roughly cancelled each other out in terms of market exposure, but the setup created an asymmetric payoff opportunity.

The Attack

After establishing these positions, the trader aggressively bought JELLY on spot markets, driving the token price sharply higher.

This caused:

• the two long accounts to profit significantly
• the short account to be liquidated
• the liquidated short position to be absorbed by Hyperliquid’s HLP pool
• the HLP pool to now hold a massive underwater short position in a rapidly rising market

At peak exposure, the HLP pool’s unrealized losses reached $13.5 million.

Why It Worked

The exploit succeeded because of structural features in Hyperliquid’s design:

• low-liquidity asset listing — JELLY had thin order books, making it easy to move the price
• automatic liquidation absorption — the HLP pool is designed to absorb liquidated positions, which became a vulnerability when those positions were deliberately created to be toxic
• no position size limits relative to market liquidity — the trader could build positions larger than the market’s ability to absorb them safely
• cross-market arbitrage — the trader could manipulate the spot market on external exchanges while profiting from the perpetuals on Hyperliquid

This was market manipulation through system design exploitation, not a software bug.

Hyperliquid’s Response

Emergency Delisting

Hyperliquid’s validator set convened and voted to delist JELLY perpetuals immediately. The platform:

• closed all JELLY positions at a price determined by the validators
• settled the HLP pool’s exposure
• removed JELLY from the platform entirely

The Controversy

The response drew sharp criticism across the crypto industry:

Bitget CEO Gracy Chen called Hyperliquid’s handling “immature, unethical, and unprofessional,” warning it could become “FTX 2.0” if governance issues were not addressed.

The core criticisms were:

• centralization concern — a small group of validators unilaterally decided to void active market positions
• precedent risk — if validators can delist and settle at chosen prices during losses, the platform is not truly decentralized
• trust erosion — traders who held legitimate JELLY positions had them forcibly closed at validator-determined prices
• selective intervention — the platform intervened when the HLP pool lost money, raising questions about whether it would intervene equally if individual traders lost

Hyperliquid’s Follow-Up

After the incident, Hyperliquid:

• announced changes to its validator structure
• proposed stricter listing requirements for low-liquidity assets
• began reviewing position size limits relative to market depth

Whether these changes are sufficient remains debated.

What This Reveals About DeFi Risk

1. “Decentralized” Has a Spectrum

Hyperliquid markets itself as decentralized, but the emergency response was executed by a small validator set making a centralized decision. True decentralization would mean no single group could unilaterally void market positions.

Traders should ask:

• how many validators does the network have?
• what governance model controls emergency actions?
• has the platform ever intervened in market outcomes before?
• who controls the upgrade and parameter-change authority?

2. Liquidity Pool Risk Is Real

If you provide liquidity to a DeFi protocol’s pool (like HLP), you are exposed to:

• toxic flow from sophisticated traders
• manipulation attacks on low-liquidity assets
• emergency governance decisions that may or may not protect your capital
• impermanent loss and adverse selection risk

Providing liquidity is not passive income. It is active risk exposure.

3. Low-Liquidity Asset Listings Are Attack Surfaces

Any perpetuals platform that lists assets with thin order books and low market cap creates potential exploitation vectors. The thinner the liquidity, the easier it is to move prices with concentrated capital.

4. Cross-Market Manipulation Is Structural

When a trader can move the spot price on Exchange A and profit from the derivatives impact on Exchange B, the manipulation cannot be prevented by either platform alone. This is a systemic issue in fragmented crypto markets.

Practical Lessons for Traders

If You Trade on DeFi Perpetuals Platforms

• Understand how liquidations are handled and who absorbs them
• Avoid trading low-liquidity assets on leveraged platforms where you have no information edge
• Check whether the platform has circuit breakers or position limits
• Monitor governance proposals and validator decisions — they can affect your positions directly
• Be aware that emergency interventions may settle your positions at prices you did not choose

If You Provide Liquidity to DeFi Pools

• Understand exactly what positions the pool can be forced into
• Monitor pool exposure during high-volatility events
• Do not treat liquidity provision yields as “safe” returns
• Diversify across protocols and pool types
• Accept that governance risk is part of the return profile

If You Are Evaluating DeFi Platforms

• Check the actual validator count and distribution
• Look for transparent emergency-action policies
• Evaluate the platform’s listing standards for new assets
• Read post-mortem reports from previous incidents
• Distinguish between “decentralized” marketing and actual governance structure

Comparison with Centralized Exchange Risk

Risk Factor	Centralized Exchange	DeFi Platform
Custody	Exchange holds funds	Smart contract holds funds
Governance	Corporate decisions	Validator/DAO decisions
Manipulation protection	Surveillance and market-making rules	Often minimal or emergent
Emergency intervention	Exchange can halt trading	Validators can alter/close positions
Regulatory oversight	Varies by jurisdiction	Generally minimal
Transparency	Limited	On-chain (theoretically full)

Neither model eliminates risk. The Hyperliquid incident shows that DeFi can have the same governance problems as centralized platforms, just with different mechanics.

Final Takeaway

The Hyperliquid JELLY incident was not a hack or a bug. It was a rational economic attack by a well-capitalized trader who understood the platform’s mechanics better than its designers anticipated.

The response — a centralized emergency intervention on a “decentralized” platform — raised questions that the DeFi industry has not yet answered: what does decentralization mean when a handful of validators can void your positions?

For traders, the lesson is clear: understand the governance model of any platform where you hold risk. In DeFi, the rules can change mid-game, and the people who change them are not necessarily accountable to you.