The Hyperliquid Perptual Futures platform suffers its fourth major attack

On March 26, the Perptual Futures platform Hyperliquid was attacked again, marking the fourth major security incident for the project since November of last year and the most serious crisis it has faced since its inception. This attack method was similar to the previous ETH whale attack but was more precise and severe.

The attacker used the low liquidity Solana token JELLY as "dynamite". At 9 PM that evening, the attacker deposited 3.5 million USDC as margin on the platform and opened a short position worth 4.08 million USD in JELLY, reaching the leverage limit of the platform. At the same time, an address holding a large amount of JELLY coordinated a sell-off in the spot market, causing the token price to plummet, resulting in a floating profit for the short position.

Subsequently, the attacker quickly withdrew 2.76 million USDC in margin, leading to insufficient margin for the remaining short position, triggering Hyperliquid's automatic liquidation mechanism. The platform's insurance fund HLP was forced to take over this short position. The attacker then executed a reverse operation, massively buying JELLY within an hour, causing its price to surge several times to $0.034, resulting in a floating loss of over $10.5 million for HLP.

When Hyperliquid was in trouble, certain centralized exchanges quickly intervened. Two platforms announced the launch of JELLY's Perptual Futures within an hour of the attack, potentially driving up the token price further and amplifying HLP's losses.

In response to the crisis, the Hyperliquid Validator Committee passed a vote to delist the JELLY Perptual Futures, with the final settlement price being the attacker's opening price, resulting in HLP making a profit of $700,000. This decision has raised questions about the platform's level of decentralization.

As a leading protocol in the on-chain Perptual Futures space, Hyperliquid accounts for 9% of the global contract trading volume of a well-known centralized exchange, far ahead in decentralized exchanges. However, the project has frequently been attacked since its inception, raising significant concerns about its security.

Apart from this incident, Hyperliquid has previously experienced three major security incidents:

1. December 2024: Potential Hacker Threats (Attempted Attacks)
2. January 2025: ETH whale high-leverage attack, HLP loss of about 4 million USD
3. March 12, 2025: ETH Whale Second Attack

These events expose the issues with Hyperliquid in terms of the margin mechanism, HLP mechanism, and the limited number of validators.

From the architectural perspective, Hyperliquid is a decentralized exchange with its own Layer 1, utilizing an EVM + matching engine design. Its core component, HyperCore, is equivalent to the matching engine of a centralized exchange and shares the same consensus layer with HyperEVM. Although this design is innovative, it also brings potential risks, such as transaction state inconsistency and synchronization delays.

The HLP vault is the core of the Hyperliquid ecosystem, and its design logic is similar to aggregating community user assets to build a decentralized market maker capital pool. However, this fixed logic design appears to be relatively fragile in the face of attacks.

Although Hyperliquid has achieved significant success in the on-chain Perptual Futures space, it still faces enormous challenges. How to enhance security and decentralization while maintaining high efficiency will be key to the future development of the project. At the same time, this event has also sparked in-depth reflection within the industry on the development direction of decentralized exchanges for Perptual Futures.