Hyperliquid takes proactive measures to delist trading pairs after JELLY attack
After the JELLY attack incident, Hyperliquid actively delisted trading pairs, an action seen by some in the community as an extreme “centralized” crisis management behavior, turning the DEX into a scenario where both “rescue or not to rescue” are wrong sins.
(Previous context: Hyperliquid’s “price manipulation” triggered a short squeeze on JELLY, Arthur Hayes: betting that $HYPE will drop back to its original point.)
(Background: Hyperliquid’s “Night of Terror” — Whales play “malicious liquidation,” with the official once floating a loss of ten million dollars, risking capital flight and severing roots.)
Last Night’s Outcry
Last night, the crypto community was abuzz with “HYPER needs to be revalued.” The reason was the high-performance on-chain derivatives exchange Hyperliquid once again reported its HLP liquidity vault being attacked, resulting in approximately millions of dollars being manipulated by market players, who short-sold with one hand and took spot positions with the other, inflicting a heavy loss.
This incident once again pressed DeFi against a fundamental sharp question: when the infrastructure of a “decentralized” exchange is actually highly controlled by a single team, where is the boundary between “decentralized” and “centralized”? Is the best current security mechanism actually a person? Hyperliquid may be, or perhaps is, a microcosm of the struggles faced by many on-chain DEXs challenging the dominance of CEXs.
Review: Meticulously Designed Market Manipulation
The market operation on Hyper last night did not exploit traditional smart contract vulnerabilities. The attacker seemingly targeted Hyperliquid’s HLP vault mechanism with precision. This vault is similar to GMX’s GLP, allowing users to deposit asset portfolios (such as stablecoins, ETH, BTC, etc.) to obtain HLP tokens, serving as counterparties to platform traders and sharing trading fees and profits and losses.
The crux of the problem lies in the calculation method of the HLP price. The attacker distorted the “mark price” of these assets by engaging in extreme operations on certain trading pairs with relatively low liquidity on the Hyperliquid platform (for example, flooding the market with large amounts of capital to pump or dump prices within a short period). Since the net asset value of HLP relies on the mark price of its held assets, this price distortion led to an instantaneous significant increase in HLP’s valuation.
Subsequently, the attacker used the artificially “inflated” value of HLP as collateral to borrow other assets (such as stablecoins) on the Hyperliquid platform, far exceeding their actual value, ultimately transferring these assets out, leaving behind overvalued HLP and actual asset losses, which were ultimately borne by other liquidity providers of the HLP vault. The loss caused by the JellyJelly incident is estimated to be around 4 million dollars; without official compensation, these losses appear to rest on the heads of deposit users.
The Illusion of “Decentralization” and the Core of “Centralization”
Hyperliquid is a high-performance DEX built on its own Layer 1 blockchain “Hyperliquid L1,” aimed at solving the slow speed and high cost problems of Ethereum’s mainnet DEX. In theory, this is a technical path pursuing higher efficiency and user experience, and it can also address some regulatory issues that CEXs may face. However, how could market manipulators who have already enjoyed playing in CEXs possibly let this new paradise slip away?
To achieve its claimed high throughput and low latency, the current network validators of Hyperliquid L1 are exclusively operated by the official core team. This means that, although transaction settlements occur on the blockchain, the ordering, verification, and even the entire state change of the chain are effectively controlled by a single entity, which appears quite “centralized.”
This “centralized decentralization” model brings several concerns:
- If the Hyperliquid team’s servers or infrastructure encounter problems, the entire trading platform may come to a standstill.
- It may also allow the team to selectively handle transactions, and even, in extreme cases, roll back or intervene (although currently there is no evidence to suggest they would do this).
The crucial issue is trust. In times of crisis, users must trust that the Hyperliquid team will not act maliciously and will not abuse their control over the dedicated chain and protocol. This is fundamentally no different from the trust required for CEXs to rely on the exchange operators.
Even CZ frequently emphasizes that transparency brings trust, let alone Hyper, which has just stepped onto the pillar position of DEX, will need more time to stabilize its footing. Comparing to Binance, the larger the market volume, the more prone it is to criticism.
This JELLY market manipulation incident, although the direct cause was the vulnerability of the oracle (or mark price calculation mechanism), has led the community to incessantly poke at the underlying centralized validator structure, raising another question: if the network is truly controlled by a single team, why couldn’t they detect abnormalities more quickly, intervene to stop them, or even take actions favorable to users when necessary?
The existence of this centralized control has left HYPER in a predicament when facing crises, unable to completely absolve responsibility (as they have the control to directly pull the plug and delist JELLY), yet possibly unable to stop losses in a timely manner due to insufficiently “centralized” responses (just look at how a hacked CEX reacts and manages PR, which is truly top-notch).
Why DEX Struggles to Shake CEX?
The predicament of Hyperliquid is not an isolated case; it reflects the challenges that DEXs generally face in competing with CEXs:
- User Experience (UX) and Usability: CEXs provide integrated services, from fiat in-and-out, spot trading, derivatives, to wealth management products, usually with user-friendly interfaces and lower entry barriers. DEXs require users to manage wallets, private keys, understand gas fees, cross-chain bridging, and other concepts, which are not friendly to newcomers.
- Liquidity and Trading Depth: Top CEXs gather massive global users and market makers, boasting excellent liquidity and trading depth, with lower slippage. DEXs, on the other hand, have liquidity relatively dispersed across different protocols and chains, especially for non-mainstream tokens, often lacking depth, leading to high slippage in large trades, and this time JELLY was heavily exploited.
- Performance and Costs: While Layer 2 and dedicated application chains (such as Hyperliquid L1) attempt to address performance issues, there remains a gap compared to the efficiency of centralized matching engines in CEXs. Additionally, on-chain interactions inevitably incur gas fees (even on L2).
- Security Risks: The main risks for CEXs lie in the security of the platform itself (hacker attacks, internal malfeasance) and custody risks. DEXs face multiple native on-chain risks, including phishing of the frontend, smart contract vulnerabilities, price oracle manipulation, flash loan attacks, and design flaws in economic models, making them hard to guard against. The current Hyperliquid event reveals that even if the contracts themselves have no vulnerabilities, attacks surrounding their AMM mechanism can still cause significant losses.
The “application chain DEX” model represented by Hyperliquid attempts to find a balance between performance and decentralization, or it may only be talk without action, simply connecting traditional CEX’s server rooms onto the chain. Just like in the early days of POS mechanisms, many mocked it as a “server room chain.” Once encountering a similar incident to this JELLY event, it undoubtedly exposes its potential “original sin” — the ability to prevent crises lies in centralization, and the rapid intervention to pull the plug lies in humans. When the programs are still not good enough, leaving a severed tail and pressing the nuclear self-destruct button is still human.
