After the ETH whale and Jellyjelly incidents, Hyperliquid's HLP has been attacked again. The attack method is basically the same old trick in a new guise. This time, the target was POPCAT, a meme coin with insufficient spot liquidity, similar to Jellyjelly. 1. The attacker withdrew 3 million USDC from OKX and distributed it across 19 wallets. 2. Placed a $20 million buy order at 0.21 and opened $30 million long positions across 19 wallets. 3. Suddenly pulled the buy orders, causing a sharp drop and triggering liquidations, leaving HLP to take over the losing positions. 4. However, POPCAT itself lacks liquidity, so HLP couldn’t close the positions, and POPCAT continued to drop, resulting in a total loss of $4.9 million for HLP. The attacker lost $3 million. 5. It’s possible the attacker deployed corresponding hedges on other CEXs, ultimately making a slight profit or breaking even. After the attack, Hyperliquid quickly executed their signature risk control move—pulling the plug and shutting down Arbitrum deposits and withdrawals. Apparently, many market makers previously appreciated HL’s decisiveness in pulling the plug during the Jellyjelly incident, which boosted their confidence in the platform. It’s likely that after this move, they’ll be even more bullish.