In partnership with

TL;DR

A trader exploited Hyperliquid’s liquidation mechanics, forcing the protocol to choose between a $12M loss or revealing its centralized controls. Validators quickly delisted $JELLY, sparking accusations of market manipulation. Binance and OKX’s well-timed listings raised suspicions of exchange warfare. The incident exposed the gap between Hyperliquid’s decentralization claims and reality.

Sponsor of the Week

Your job called—it wants better business news

Welcome to Morning Brew—the world’s most engaging business newsletter. Seriously, we mean it.

Morning Brew’s daily email keeps professionals informed on the business news that matters, but with a twist—think jokes, pop culture, quick writeups, and anything that makes traditionally dull news actually enjoyable.

It’s 100% free—so why not give it a shot? And if you decide you’d rather stick with dry, long-winded business news, you can always unsubscribe.

Check it out

Hyperliquid faced a major test of its risk management after a trader exploited its own liquidation mechanics, creating a dilemma for the platform. The protocol had two choices: absorb a $12 million loss or intervene using a centralized kill switch.

In response, a small group of validators reached quorum within two minutes, overriding market prices and forcibly delisting $JELLY, which had skyrocketed 429% in just one hour.

The move sparked controversy as Binance and OKX quickly introduced perpetual contracts for $JELLY, positioning themselves amid the volatility. Meanwhile, BitGet’s CEO compared Hyperliquid’s actions to FTX’s centralized failures, questioning its long-term stability.

Further scrutiny came from ZachXBT, who criticized Hyperliquid for targeting market manipulators while allegedly allowing North Korean hackers to use stolen funds on the platform.

The situation highlights deeper issues in the industry, from exchange rivalries and token listing strategies to concerns over validator governance and market intervention. As centralized players exert control over decentralized markets, the boundaries between risk management, manipulation, and censorship become increasingly blurred.

Financial warfare in crypto is evolving, and Hyperliquid is at the center of the latest controversy. Concerns over its security first emerged when North Korean hackers were spotted probing its defenses, raising red flags about potential vulnerabilities.

Despite expanding to 16 validators and making promises to strengthen security, the same critical weaknesses persist. Instead of avoiding liquidation, a trader intentionally triggered one, weaponizing Hyperliquid’s own liquidation engine against itself.

The chosen target was JellyJelly ($JELLY), a relatively obscure token with a $20 million market cap, small enough to be easily manipulated but large enough to cause significant market disruption.

The strategy was a calculated and ruthless exploitation of Hyperliquid’s mechanics. The trader opened a massive $6 million perpetual short position while simultaneously accumulating spot longs across multiple chains, setting the stage for a high-stakes manipulation.

With positions secured, the next phase began: artificially inflating $JELLY’s spot price across exchanges. As the token soared 429% within an hour, the rapid surge forced the liquidation of their own short position. This shifted the burden onto Hyperliquid’s Liquidity Pool (HLP), which automatically absorbed the toxic short, bleeding millions as funding rates spiked.

This wasn’t just a high-risk trade; it was a calculated trap. Hyperliquid was forced into an impossible decision to either let its $230 million vault face cascading liquidations if $JELLY kept rising or expose the emergency intervention powers hidden behind its claims of decentralization.

The exploit targeted four fundamental weaknesses in Hyperliquid’s system: the absence of real position limits on illiquid assets, inadequate protection against oracle manipulation, automatic inheritance of liquidated positions, and a lack of circuit breakers to prevent runaway losses.

These vulnerabilities formed the perfect setup for a calculated attack. As Hyperliquid’s unrealized losses climbed past $12 million with no end in sight, the protocol took drastic action, triggering an emergency validator vote to forcibly delist $JELLY. Within just two minutes, a small group of validators reached consensus, exposing the centralized control behind the protocol’s decentralized facade.

The resolution was just as controversial as the intervention itself. Hyperliquid settled $JELLY at $0.0095—far below the actual market price of $0.50—flipping what could have been an eight-figure loss into a $700,000 profit with a simple adjustment.

Moments like these reveal the reality of decentralized finance. When decision-making moves faster than a liquidation cascade, and market prices can be rewritten at will, the line between an oracle and a glorified spreadsheet becomes harder to distinguish.

Exchange Warfare

As Hyperliquid scrambled to contain its losses, Binance and OKX appeared to seize the moment, launching $JELLY perpetual contracts at the precise time to capitalize on the chaos. The timing was anything but ordinary.

Blockchain investigator ZachXBT pointed out that both key manipulators, 0x20e8 and 0x67f, had received fresh funding via Binance on Arbitrum just before the attack. Whether this was a mere coincidence or a calculated market takedown remains an open question.

Further fueling speculation, users highlighted an alleged message from Binance Co-Founder Yi He, who reportedly responded "Ok, received/got it" to a request targeting Hyperliquid. The implication? That Binance listed $JELLY with the intent of destabilizing a rising competitor.

BitGet’s CEO Gracy Chen was blunt in her assessment, warning that Hyperliquid’s handling of the situation resembled the early missteps of FTX. She criticized the platform for being "immature, unethical, and unprofessional," underscoring the intense rivalries that define the crypto industry.

Beneath all the public discourse, a larger battle appears to be unfolding, one where token listings, liquidity attacks, and validator interventions serve as weapons in an ongoing war for dominance among exchanges.

As Wazz bluntly put it, "2 exchanges just tag teammed to rape another exchange publicly and you still think this market is not PvP." The brutal reality of crypto markets was laid bare, where competition isn’t just about innovation but strategic attacks and survival.

For Hyperliquid, the dilemma wasn’t between decentralization and centralization—it was between taking a $12 million loss or sacrificing its reputation. It chose the latter, and the market took notice.

ZachXBT’s final critique cut deep: "Kind of annoying if they draw the line here but not when DPRK had reasonably sized positions open with funds from the Radiant hack." The selective enforcement exposed the true nature of Hyperliquid’s decision, which was not a principled stand but an act of self-preservation.

From FTX’s $8 billion "miscalculation" to Terra’s $40 billion algorithmic collapse, the script remains the same. Hyperliquid’s emergency intervention and Binance’s perfectly timed listings are just the latest acts in crypto’s longest-running production: the illusion of decentralization.

When every major catastrophe comes with a clause for "unprecedented emergency powers," the real issue isn’t the individual failures—it’s the system itself.

A Two-Minute Verdict

Hyperliquid’s governance wasn’t undermined; it was never real to begin with.

A validator vote might sound legitimate, but the reality tells a different story. A handful of decision-makers reached a conclusion in just two minutes with no visible discussion. The distribution of voting power makes the outcome even clearer. Out of 404 million staked HYPE tokens, 81% remain controlled by foundation nodes, contradicting the platform’s claims of decentralization.

ValiaDAO, supposedly an independent validator, echoed the official stance: "We voted to delist JELLY perps at the price where market manipulation happened." No transparency on the process. No explanation for why the final price was set 98% lower than the market rate. Just silent approval.

Twitter user Lucas asked the question Hyperliquid seemed unwilling to address: "Did HL validators secretly add the power to override market prices, or was that kill switch always hiding in plain sight?"

The lack of an answer spoke louder than any official statement. When a system can erase market data at will, the real concern isn’t whether the power exists but how long it has been waiting to be used.

Lucas exposed the heart of the issue: "HL can clear up all FUD by publishing the admin permissions that currently exist, and when they'll be removed. Obscurity not a good look here."

Hyperliquid’s response to the chaos speaks for itself. After a self-trade detonated their system, they decided to refund JELLY longs at 0.037555, a rate better than the manipulated settlement price—unless you’re on the blacklist.

The protocol acknowledged that its risk model failed when HLP inherited the toxic short. In response, they announced new safeguards, including stricter liquidation caps, improved open interest limits, and an on-chain vote to delist dead assets. A familiar promise to "do better," but whether it will be enough remains to be seen.

Despite these adjustments, the fundamental flaw remains unchanged. A system that once had no position limits on illiquid assets and weak oracle protections has now exposed its greatest vulnerability: governance designed to appear trustless while keeping real control in the same hands.

A protocol that can override markets, rewrite prices, and delist tokens faster than most can type a tweet is not decentralized. It is a centralized authority wrapped in the language of DeFi. The real question is whether protocols will admit that emergency powers, not community governance, are their true ruling force.

The Hyperliquid debacle reads like a financial thriller where every participant played a role in the chaos.

First, a trader orchestrated a devastating attack by exploiting Hyperliquid’s liquidation mechanics. By carefully designing a strategy that forced the protocol into a crisis, they turned risk management flaws into a financial weapon.

Next came Binance and OKX, whose perfectly timed JELLY listings raised eyebrows. The decision to introduce perpetual contracts for an obscure token at the precise moment it could cause maximum damage wasn’t just a coincidence. It looked like a deliberate move to capitalize on Hyperliquid’s downfall.

Then, Hyperliquid’s centralized control was exposed. A small group of validators, with 81% of their stake tied to foundation nodes, swiftly overrode market prices. What should have been a decentralized governance process unfolded as a backroom decision with no room for debate.

This wasn’t just a price drop. HYPE holders saw their trust shattered as the illusion of decentralization collapsed. The fine print became impossible to ignore: "Rules can change when the protocol is at risk."

No number of Discord AMAs can restore faith in a system that unraveled in two minutes.

What’s unfolding isn’t innovation, it’s a battlefield where so-called decentralized exchanges operate like centralized players, using token listings and emergency powers as weapons. The crypto arena has become a high-stakes game where exchanges take turns inflicting damage while hiding behind the facade of community governance.

Hyperliquid users now confront a harsh reality. The platform that promised a decentralized revolution has revealed itself as something far less inspiring—an entity that can rewrite market rules when the stakes are too high. What was marketed as a trustless system now resembles a centralized exchange with more complex documentation.

The lesson couldn’t be clearer. Market prices remain untouched only until they threaten the wrong people. The irony is hard to ignore: a protocol built on the premise of decentralization just proved why centralization remains one of crypto’s biggest vulnerabilities.

The only true winners? Traders who avoided the chaos. And the mastermind behind the exploit, who exposed yet another protocol built on shaky foundations.

Their $12 million lesson serves as a reminder. In crypto, decentralization is only as real as the moment it stops being profitable. When validators can shift from consensus to price manipulation between Discord messages, the industry’s greatest innovation might not be the technology—but the belief that, despite every betrayal, the system will somehow be different next time.