The attacker's self-inflicted loss of 3 million in a 'suicide-style' attack may, in fact, have been offset by external hedging, making this more akin to a low-cost 'stress test' targeting the protocol's defensive capabilities.
By The Smart Ape
Compiled by: AididiaoJP, Foresight News
The crypto industry is always abuzz with slogans such as 'code is law,' 'trust math, not people,' and 'open source + decentralization'...
These statements are correct, but the events of the past few weeks have once again highlighted just how fragile our current model remains.
Even @HyperliquidX, currently the most advanced decentralized exchange for perpetual contracts, has just experienced a significant attack.
An attacker blew up their own $3 million in funds just to cause a $5 million loss to the protocol’s HLP treasury—almost double the amount they liquidated.
On the surface, this appears to be a 'suicidal' attack, yielding no profit but only destruction.
However, in a world where Hyperliquid has harmed many competitors, including large institutional platforms, the idea that someone could pay $3 million to inflict a $5 million loss on HL is extremely alarming.
If this attack vector remains open, there will be nothing to stop larger players from escalating it.
How the attack was carried out
First, the attacker withdrew $3 million worth of USDC from @okx, dispersing it into 19 new wallets, and then sent all the funds to Hyperliquid.
Next, he established a large leveraged long position in the HYPE / POPCAT perpetual futures market. Using the $3 million as margin with 5x leverage, he ultimately controlled a position size of $26 million.
Up to this point, everything appeared normal. However, what changed everything was that when the price was near $0.22, the attacker placed a $20 million buy order at around $0.21. This created the illusion of strong support — "Look, there’s a massive buyer here; the price is unlikely to fall below this level." Observing this, other traders believed significant capital was supporting the price, so they also went long. Consequently, more people began leveraging long positions or inadequately hedging their risks because they felt protected by that 'wall'.
However, this was not genuine support—it was a trap.
Once enough traders joined the long side, the attacker removed the fake buy wall, causing liquidity to instantly become extremely thin, with no real support underneath.
Then the price started to decline, leveraged traders began to get liquidated, which triggered more selling, and these sell-offs caused further liquidations. This was a classic chain reaction of liquidations but one that was deliberately engineered.
At the end of this chain reaction, many traders faced liquidation, but according to the system's operational mechanism, the protocol’s treasury ultimately absorbed a loss of $4.9 million.
On-chain, the attacker’s own $3 million margin position appears to have been completely wiped out.
On paper:
- Attacker: -$3 million
- HLP Treasury: -$5 million
This appears to be a "suicidal" attack.
What is HLP, and why did it bear the losses?
HLP can be thought of as a large shared treasury, primarily funded with USDC, serving as the ultimate counterparty for all traders on Hyperliquid.
Users deposit USDC into HLP. In exchange, they:
- Provide liquidity to the system
- Assume risk
- Earn fees/revenue when traders incur losses or pay funding rates
In very simplified terms:
- If traders lose money, HLP profits (vault grows).
- If traders make money, HLP pays out (vault shrinks).
It functions like a combination of a massive automated market maker and an insurance fund.
Thus, if a specific market (e.g., POPCAT/HYPE) collapses, the global HLP will be impacted. Overall, HLP has been highly profitable and continues to generate earnings in the long term. In total, they have generated a net profit of $118 million. Compared to their accumulated gains since inception, this $5 million attack is negligible.
The main question is, why did HLP take a $5 million hit here?
In a smooth and normal market, traders are liquidated before their positions are forced into liquidation, with their losses covering the payouts to the winning side, keeping the system roughly balanced.
However, in such a sharp crash:
- Prices move too quickly
- Liquidity vanishes precisely when it's most needed
- Some positions become difficult or impossible to close at a fair price
- Slippage can become substantial
- The proceeds from liquidations may not fully cover the amounts owed
The shortfall between what the losing side was supposed to pay and what the system actually collects on-chain ultimately falls on the HLP treasury.
And this is precisely the part that is frightening from a protocol risk perspective.
Did the attacker really burn through 3 million US dollars?
I don't believe the attacker liquidated 3 million US dollars. The attacker almost certainly hedged elsewhere (centralized exchanges, options, other perpetual contracts, or even over-the-counter transactions).
For instance, he might have:
Established an opposing position on another exchange (shorting POPCAT / related risks)
Constructed a market-neutral trade to profit from imbalances in the Hyperliquid market.
Utilized over-the-counter agreements with counterparties benefiting from Hyperliquid’s losses.
We lack publicly available evidence of such hedging.
However, from the perspectives of game theory and capital efficiency, this explanation is far more plausible.
In that scenario, the attacker's actual profit or loss ≈ 0 or even positive, while Hyperliquid’s HLP treasury bore a significant loss of approximately 5 million US dollars alone.
Testing the theory
This could be a test attack. For well-funded players, it is a 'small-scale' attack, just enough to observe the system's response, changes in HLP, the speed of the team’s reaction, the actual depth of the treasury, and whether emergency control measures like bridge locking are truly effective.
When thinking like a professional attacker or a well-capitalized competitor, $3 million may not necessarily represent a loss; it can be considered part of a research and development budget—a preparation for larger, more coordinated actions with better hedging that aim not only to drain funds but also to undermine core trust.
How can Hyperliquid defend against such attacks?
First, they can limit the exposure risk that a single entity can establish, even across multiple wallets (using heuristic methods: funding patterns, timing, IP addresses, behavior). They can also impose stricter margin requirements when one side of the order book becomes heavily skewed. Globally, this would increase the cost of establishing massive directional positions capable of potentially wiping out the HLP in one go.
To enhance market safety, they can implement circuit breakers and volatility safeguards for each market, which would slow down the market during rapid price movements in scenarios with thin liquidity and high open interest.
Assets with low liquidity can also follow stricter rules, making it harder for individual participants to manipulate the market easily. The idea is that when someone attempts a kamikaze-style attack, the system switches into defense mode before the HLP absorbs the damage.
The HLP itself could evolve from being mostly a passive counterparty to becoming a smarter, partially hedged book. This might include automatically hedging extreme exposures on external venues, capping risk per asset, or even splitting the treasury into a conservative core and smaller, optional high-volatility segments. This would make the HLP a much harder target to attack.
Finally, improving the detection of spoofing orders and fake walls of limit orders will help prevent the system from relying on misleading liquidity signals. By integrating these into the mark price and risk engine, no single spoofing wall will distort the way risks are assessed.
