Written by: The Smart Ape
Translated by: AididiaoJP, Foresight News
In the crypto industry, phrases like "code is law," "trust in math, not people," and "open source + decentralization" are prevalent…
These statements are true, but the past few weeks have once again shown how fragile our current model is.
Even the most advanced perpetual contract decentralized exchange, @HyperliquidX, has just experienced a significant attack.
An attacker blew up their own $3 million in funds just to cause a $5 million loss to the protocol's HLP treasury, nearly double the amount they lost.
On the surface, this looks like a "suicidal" attack, with no profit, only destruction.
However, in a world where Hyperliquid has harmed many competitors (including large institutional platforms), the idea that someone could pay $3 million to make HL lose $5 million is extremely frightening.
If this method of attack remains open, there will be nothing to stop larger players from escalating it.
How the Attack Was Conducted
First, the attacker withdrew $3 million in USDC from @okx, dispersed it into 19 new wallets, and then sent all the funds to Hyperliquid.

Next, they established a massive leveraged long position in the HYPE / POPCAT perpetual contract market. They used the $3 million as margin, with a leverage ratio of 5 times. Ultimately, they controlled a position size of $26 million.

Up to this point, everything seemed routine. What changed everything was that, with the price around $0.22, the attacker placed a $20 million buy order around $0.21. This created the illusion of strong support: "Look, there's a massive buyer here; the price is unlikely to drop below this." Seeing this, other traders believed there was substantial capital supporting the price, so they also went long. As a result, more people opened leveraged longs or did not adequately hedge their risks, feeling protected by that "wall."

However, this was not real support; it was a trap.
Once enough traders committed to the long side, the attacker removed that false buy wall, and liquidity instantly became very thin, with no real support below.
Then the price began to drop, leveraged traders started getting liquidated, and the liquidations triggered more sell-offs, which in turn triggered more liquidations. This was a typical liquidation chain reaction, but it was artificially designed.

At the end of this chain reaction, many traders were liquidated, but due to the way the system operates, the protocol's treasury ultimately bore a loss of $4.9 million.

On-chain, the attacker's own $3 million margin position appeared to be completely destroyed.
On paper:
- Attacker: -$3 million
- HLP Treasury: -$5 million
This looks like a "suicidal" attack.
What is HLP, and Why Did It Bear the Loss?
HLP can be imagined as a large shared treasury, primarily funded with USDC, serving as the ultimate counterparty for all traders on Hyperliquid.
Users deposit USDC into HLP. In exchange, they:
- Provide liquidity to the system
- Assume risk
- Earn fees/returns when traders incur losses or pay funding rates
To simplify:
- If traders lose money, HLP profits (the treasury grows).
- If traders make money, HLP pays out (the treasury shrinks).
It's like a massive automated market maker + insurance fund hybrid.
Therefore, if a market (like POPCAT/HYPE) crashes, the global HLP will take the hit. Overall, HLP has been very profitable and has been making money in the long run. They have generated a total net profit of $118 million. Compared to the earnings they have accumulated since their inception, this $5 million attack seems trivial.

The main question is, why did HLP take a $5 million hit here?
In a smooth, normal market, traders would be liquidated before they blow up, and their losses would cover the payouts to the winning side, keeping the system roughly balanced.
But in such a crash:
- Price movements are too rapid
- Liquidity disappears when it is most needed
- Some positions are difficult or impossible to close at a fair price
- Slippage can become enormous
- The proceeds from liquidations may not fully cover the amounts owed
The difference between what the losing side should have paid and what the system actually collected on-chain is ultimately borne by the HLP treasury.
And this is the frightening part from the perspective of protocol risk.
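The shortfall described above, worked through as an added example (not Hyperliquid's code or the author's): a long position is liquidated first into a deep bid book and then into a thin one, and any negative equity left after the fills is what the backstop treasury absorbs. All sizes, prices and book levels are constructed, and valuing unfilled units at zero is an assumption.

```python
from decimal import Decimal as D

def liquidate_long(size, entry, margin, bids):
    """Sell `size` units into `bids` (best price first) and settle the position.

    Returns (proceeds, unfilled, shortfall). `shortfall` is the bad debt left
    for the backstop when the fills are worth less than the position owes.
    """
    remaining, proceeds = size, D(0)
    for price, qty in bids:
        if remaining == 0:
            break
        fill = min(remaining, qty)
        proceeds += fill * price
        remaining -= fill
    # Equity after closing = margin + realised PnL. Units that found no bid
    # at all contribute nothing (conservative assumption for this sketch).
    equity = margin + proceeds - size * entry
    shortfall = max(D(0), -equity)
    return proceeds, remaining, shortfall

# Constructed sample: 1,000,000 units long at 0.22 with 5x leverage.
SIZE, ENTRY = D(1_000_000), D("0.22")
MARGIN = SIZE * ENTRY / 5                      # 44,000 of margin
DEEP_BOOK = [(D("0.21"), D(2_000_000))]        # large bid still resting
THIN_BOOK = [(D("0.20"), D(100_000)), (D("0.18"), D(200_000)),
             (D("0.15"), D(300_000)), (D("0.10"), D(400_000))]  # wall pulled

if __name__ == "__main__":
    for name, book in (("deep", DEEP_BOOK), ("thin", THIN_BOOK)):
        proceeds, unfilled, shortfall = liquidate_long(SIZE, ENTRY, MARGIN, book)
        print(f"{name}: proceeds={proceeds} unfilled={unfilled} shortfall={shortfall}")
```

With the deep book the position closes with margin to spare; with the thin book the same position leaves a shortfall that no losing trader pays.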
Did the Attacker Really Burn $3 Million?
I don't believe the attacker blew up $3 million. The attacker almost certainly hedged elsewhere (centralized exchanges, options, other perpetual contracts, or even over-the-counter trading).
For example, they might have:
- Established an opposite position on another exchange (shorting POPCAT / related risks)
- Constructed a neutral trade to profit when the Hyperliquid market was imbalanced
- Utilized over-the-counter agreements benefiting from the damaged counterparties of Hyperliquid
We do not have public evidence of such hedging.
But from a game theory and capital efficiency perspective, this explanation makes much more sense.
In that case, the attacker's actual profit and loss ≈ 0 or even positive, while Hyperliquid's HLP treasury bore a significant $5 million loss alone.
Testing Theories
This may have been a test run. For well-funded players, this is a "small-scale" attack, just large enough to observe the system's response, the changes in HLP, the team's response speed, the actual depth of the treasury, and whether emergency control measures like bridge locks are truly effective.
When you think like a professional attacker or a well-funded competitor, $3 million may not be a loss; it could be a research and development budget: a way to prepare for larger-scale, more coordinated, better-hedged actions aimed not only at draining funds but also at undermining core trust.
How Can Hyperliquid Defend Against Such Attacks?
First, they could limit the risk exposure that a single entity can establish, even across multiple wallets (using heuristic methods: funding patterns, time, IP, behavior). They could also implement stricter margin requirements when one side of the order book is heavily skewed. Overall, this would make it much more costly to establish a massive directional position that could potentially wipe out HLP in one go.
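A sketch of the funding-pattern heuristic, as an added example (not Hyperliquid's code): wallets first funded by the same source within a short window are treated as one entity, and their combined exposure is checked against a cap. The wallet names, sources, thresholds and cap are constructed assumptions; a shared source such as an exchange withdrawal address also serves unrelated users, so a real system would combine this with the other signals listed above.

```python
from collections import defaultdict

def cluster_by_funding(fundings, positions, window_s=3600, min_wallets=3):
    """Group wallets by shared funding source and sum their exposure.

    fundings:  iterable of (wallet, source, first_deposit_ts)
    positions: wallet -> signed USD notional (long is positive)
    A source that funds at least `min_wallets` wallets within `window_s`
    seconds is treated as one entity (a heuristic, not proof of control).
    """
    by_source = defaultdict(list)
    for wallet, source, ts in fundings:
        by_source[source].append((ts, wallet))
    clusters = {}
    for source, rows in by_source.items():
        rows.sort()
        best, start = [], 0
        # Sliding window over deposits in time order; keep the largest burst.
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            if end - start + 1 > len(best):
                best = [w for _, w in rows[start:end + 1]]
        if len(best) >= min_wallets:
            clusters[source] = (best, sum(positions.get(w, 0) for w in best))
    return clusters

def over_limit(clusters, cap_usd):
    """Sources whose combined directional exposure exceeds the entity cap."""
    return sorted(s for s, (_, exp) in clusters.items() if abs(exp) > cap_usd)

# Constructed sample: src_A funds four wallets within ten minutes.
FUNDINGS = [("w1", "src_A", 0), ("w2", "src_A", 120), ("w3", "src_A", 300),
            ("w4", "src_A", 540), ("w7", "src_A", 200_000),
            ("w5", "src_B", 100), ("w6", "src_B", 90_000)]
POSITIONS = {"w1": 5_000_000, "w2": 5_000_000, "w3": 5_000_000,
             "w4": 5_000_000, "w5": 2_000_000, "w6": -1_000_000,
             "w7": 8_000_000}

if __name__ == "__main__":
    found = cluster_by_funding(FUNDINGS, POSITIONS)
    print(found, over_limit(found, cap_usd=10_000_000))
```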
To enhance market security, they could implement circuit breakers and volatility protection measures for each market, which could slow down market movements when prices move too quickly in conditions of thin liquidity and large open interest.
Low liquidity assets could also follow stricter rules, preventing a single participant from easily manipulating the market. The idea is that when someone attempts a suicidal attack, the system switches to defense mode before HLP absorbs the damage.
HLP itself could evolve from a largely passive counterparty into a smarter, partially hedged book. This could include automatically hedging extreme risk exposures in external venues, limiting risk per asset, or even splitting the treasury into a conservative core and a smaller optional high-volatility portion. This would make HLP a harder target to attack.
Finally, better detection of deceptive orders and false buy walls would help prevent the system from relying on misleading liquidity signals. By integrating this into the mark price and risk engine, individual deceptive buy walls would no longer distort the risk assessment.
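One way to flag a pulled buy wall from order lifecycle events, as an added example (not Hyperliquid's risk engine): a bid is reported when, at the moment it is cancelled, it made up most of the resting bid depth and had barely traded. The event schema, thresholds and sample events are constructed assumptions.

```python
def find_pulled_walls(events, wall_share=0.5, max_fill_ratio=0.05):
    """Return (order_id, lifetime_s, share_of_bid_depth) for suspicious cancels.

    An order is reported when, at cancellation, it made up at least
    `wall_share` of all resting bid size and no more than `max_fill_ratio`
    of its own size had been filled.
    """
    book = {}       # order_id -> {"size": remaining, "orig": placed, "t": ts}
    flagged = []
    for ev in sorted(events, key=lambda e: e["t"]):
        oid = ev["id"]
        if ev["type"] == "place":
            book[oid] = {"size": ev["size"], "orig": ev["size"], "t": ev["t"]}
        elif ev["type"] == "fill" and oid in book:
            book[oid]["size"] -= ev["size"]
            if book[oid]["size"] <= 0:
                del book[oid]          # fully filled: real liquidity
        elif ev["type"] == "cancel" and oid in book:
            order = book.pop(oid)
            depth = order["size"] + sum(o["size"] for o in book.values())
            share = order["size"] / depth
            fill_ratio = 1 - order["size"] / order["orig"]
            if share >= wall_share and fill_ratio <= max_fill_ratio:
                flagged.append((oid, ev["t"] - order["t"], round(share, 3)))
    return flagged

# Constructed bid-side events (sizes in USD notional, t in seconds).
EVENTS = [
    {"t": 0,   "type": "place",  "id": "a1", "size": 400_000},
    {"t": 5,   "type": "place",  "id": "a2", "size": 600_000},
    {"t": 60,  "type": "place",  "id": "w1", "size": 20_000_000},
    {"t": 90,  "type": "fill",   "id": "a1", "size": 100_000},
    {"t": 600, "type": "place",  "id": "a3", "size": 1_000_000},
    {"t": 900, "type": "cancel", "id": "w1"},
    {"t": 950, "type": "cancel", "id": "a2"},
]

if __name__ == "__main__":
    print(find_pulled_walls(EVENTS))
```

A risk engine could use the same share test before cancellation, discounting any single unfilled order that dominates one side of the book when it estimates available depth.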

