Hyperliquid, one of the fastest-growing Decentralized Perpetuals Exchanges (DEXs), has suffered its third major market manipulation attack in 2025. In this latest incident, the attackers used POPCAT, a Solana-based memecoin, as a tool to inflict approximately $4.9 million in “Bad Debt” on the platform’s Liquidity Vault.
These sequential attacks once again expose the Structural Vulnerability faced by DEXs like Hyperliquid, which handle high Leverage and Illiquid markets. This was not a protocol hack, but an attack conducted through manipulation, exploiting loopholes in the exchange’s rules and market liquidity flow.
The Mechanism of Manipulation: $3M Lost vs. $5M Stolen
This November attack, like the previous incidents in March (JELLYJELLY) and July (TST), followed a planned self-sabotage scheme.
The attackers’ goal was clear: to push losses onto the HLP Liquidity Providers. The method they used was as follows:
- Capital Division: First, they withdrew approximately $3 million worth of USDC from the centralized exchange OKX and dispersed it across 19 crypto wallets.
- Creating False Demand: They used this capital to open highly leveraged POPCAT long positions worth $26 million on Hyperliquid. Simultaneously, they placed a Buy Wall worth $20 million at a price of $0.21 to create artificial and false demand for POPCAT.
- Triggering the Price Crash: Within seconds, they canceled the Buy Wall. With no support in the market, the price of POPCAT plunged by 30% in moments.
- Pushing Loss onto HLP: Due to the crash, all of the attacker’s long positions were liquidated. In this process, although the attacker lost their own $3 million in capital, the market shock forced the HLP Vault to absorb approximately $5 million worth of “Bad Debt” (liquidation losses that cannot be recovered from the attacker).
Since the attacked token (POPCAT) had low liquidity, the impact was severe despite only 5x leverage being used. This was not a protocol hack but pure manipulation that misused market liquidity and leverage tools.
Serial Attacks and Structural Vulnerability
These recurrent patterns of attacks targeting Hyperliquid expose the inherent risks of the decentralized perpetuals market.
- Vulnerability of the Liquidation Pool: Hyperliquid’s liquidation system is funded by the HLP Vault (Hyperliquid Liquidity Pool), a community-managed pool of funds. When liquidation occurs, this vault covers traders’ losses. However, manipulation attacks are specifically designed to inflict losses on this vault, directly affecting ordinary Liquidity Providers (LPs).
- Predictable Target: Allowing high leverage on illiquid memecoins provides an easily predictable opportunity for manipulation attacks. Small tokens are used as a lever to exploit the funds held in large vaults.
Competitive Landscape and Market Reaction
While Hyperliquid has seen major success in this cycle, recording over $10 billion in daily trading volume, this success itself has made it a target.
Competitors like Binance-backed Aster are closing in with over $7 billion in daily trading volume. This intense competitive environment has led to unsubstantiated online speculation that the attacks might be a conspiracy by rivals seeking to damage Hyperliquid’s dominance. Conversely, it was also argued that market manipulation is an unavoidable component of this fast-paced DEX Perpetuals business environment.
Following the attack, Hyperliquid temporarily halted deposits and withdrawals. This raised questions among many about how a Decentralized system could employ Centralized controls. However, Hyperliquid clarified that no smart contract was compromised. The company argued that the incident was merely a price manipulation, not a protocol hack.
These persistent attacks serve as another reminder of the risks of Decentralized Finance (DeFi), especially in leveraged trading. These DEX platforms are now under pressure to adjust their risk management rules to ensure market safety and stability.
