Hyperliquid Takes Down Trading Pairs After JELLY Attack, Sparking Centralization Concerns
Hyperliquid has proactively delisted trading pairs following the JELLY attack incident, which some in the community view as an extreme act of “centralized” crisis management, turning this into an original sin where neither “saving nor not saving” is the right choice on a DEX.
(Background: Hyperliquid “manipulated prices” and actively closed JELLY short positions, leading to backlash; Arthur Hayes: Betting that $HYPE will drop back to its original point.)
(Additional context: “A Night of Terror for Hyperliquid” — Whales play “malicious liquidation,” with the official loss peaking at tens of millions, risking capital outflows and potential ruin.)
Last night, the crypto community was abuzz with “HYPER needs a revaluation.” The reason was the news that the high-performance on-chain derivatives exchange Hyperliquid had once again suffered an attack on its HLP liquidity vault, resulting in approximately millions of dollars being manipulated by market operators who shorted with one hand while taking spot positions with the other, leading to significant losses.
This incident once again pushed DeFi towards a fundamental and sharp question: when the infrastructure of a “decentralized” exchange is actually highly controlled by a single team, where is the line between “decentralized” and “centralized”? Is the best security mechanism actually human? Hyperliquid may be, or perhaps is, a microcosm of the challenges faced by many on-chain DEXs as they challenge the dominance of CEXs.
Review: Carefully Designed Market Manipulation
The market operation on Hyper last night did not exploit traditional smart contract vulnerabilities. The attacker seemed to have precisely targeted the HLP vault mechanism of Hyperliquid. This vault is similar to GMX’s GLP, allowing users to deposit asset portfolios (such as stablecoins, ETH, BTC, etc.) to receive HLP tokens, acting as a counterparty to platform traders and sharing trading fees and profits and losses.
The crux of the issue lies in the calculation method of the HLP price. The attacker manipulated certain trading pairs with relatively poor liquidity on the Hyperliquid platform through extreme operations (for example, injecting large amounts of capital in a short time to pump or dump prices), artificially distorting the “mark price” of these assets. Since the net asset value of HLP relies on the mark price of its held assets, this price distortion led to a sharp and immediate increase in HLP’s valuation.
Subsequently, the attacker used the “inflated” value of HLP as collateral to borrow other assets (such as stablecoins) on the Hyperliquid platform, far exceeding their actual value, ultimately transferring these assets out, leaving behind overvalued HLP and actual asset losses, which were ultimately borne by other liquidity providers in the HLP vault. The losses from the JellyJelly incident are estimated to be around $4 million; without official compensation, these losses appear to hang over the deposit users.
The Facade of “Decentralization” and the Core of “Centralization”
Hyperliquid is a high-performance DEX built on its own Layer 1 blockchain “Hyperliquid L1,” aimed at solving the slow speeds and high costs of Ethereum’s mainnet DEXs. In theory, this is a technical path pursuing higher efficiency and user experience, which can also address certain regulatory issues faced by CEXs. However, market manipulators from CEXs have already had their fun; how could they possibly miss this new playground?
To achieve its claimed high throughput and low latency, the current network validators of Hyperliquid L1 are operated solely by the official core team. This means that although trading settlements occur on the blockchain, the ordering, verification, and even the entire state changes of the chain are actually controlled by a single entity, appearing quite “centralized.”
This “centralized decentralization” model brings several concerns:
- If the Hyperliquid team’s servers or infrastructure encounter issues, the entire trading platform could come to a halt.
- It may also give the team the ability to selectively handle transactions, and even in extreme cases, roll back or intervene (though there is currently no evidence suggesting they would do so).
Critical is the aspect of trust; in the face of a storm, users must trust that the Hyperliquid team will not act maliciously and will not abuse their control over the dedicated chain and protocol. This is fundamentally no different from trusting the operators of CEXs.
Even CZ frequently emphasizes that transparency brings trust; let alone Hyper, which has just stepped onto the foundational position of DEX, will need more time to stabilize its footing. Benchmarking against Binance, the larger the market volume, the more susceptible it is to criticism.
This JELLY market manipulation incident, while directly caused by the vulnerability of the oracle (or mark price calculation mechanism), has inevitably led the community to poke at the underlying centralized validator structure, raising another question: if the network is indeed controlled by a single team, why could they not detect abnormalities more swiftly, intervene to prevent issues, or even take actions favorable to users when necessary?
This existence of centralized control instead puts HYPER in an awkward position during a crisis, unable to completely absolve itself of responsibility (since they have the control to directly take down JELLY) while potentially being unable to respond quickly enough in a “centralized” manner to stop losses (look at how quickly some hacked CEXs respond and manage PR — it’s first-rate).
DEXs Struggle to Shake CEXs: Why Is It So Difficult?
The predicament of Hyperliquid is not an isolated case; it reflects the common challenges currently facing DEXs in competing with CEXs:
- User Experience (UX) and Usability: CEXs offer integrated services, from fiat on/off-ramping, spot trading, derivatives, to investment products, often with user-friendly interfaces and lower entry thresholds. DEXs require users to manage wallets, private keys, understand gas fees, cross-chain bridging, and other concepts, which are not friendly for newcomers.
- Liquidity and Trading Depth: Top CEXs aggregate a massive global user base and market makers, boasting excellent liquidity and trading depth with low slippage. DEXs have liquidity that is relatively dispersed across different protocols and chains, especially for non-mainstream tokens, where depth is often insufficient, leading to high slippage in large trades — as seen with JELLY.
- Performance and Cost: Although Layer 2 and dedicated application chains (like Hyperliquid L1) attempt to address performance issues, there remains a gap compared to the efficiency of centralized matching engines in CEXs. Additionally, on-chain interactions inevitably incur gas fees (even on L2).
- Security Risks: The main risks for CEXs lie in the security of the platform itself (hacking attacks, internal malfeasance) and custodial risks. DEXs face additional risks, including phishing at the front end, smart contract vulnerabilities, price oracle manipulation, flash loan attacks, and economic model design flaws, making them difficult to defend against. The recent Hyperliquid incident exposed that even if the contract itself has no vulnerabilities, attacks surrounding its AMM mechanism can still lead to significant losses.
Hyperliquid and its representative “application chain DEX” model attempt to find a balance between performance and decentralization, or perhaps just verbally assert that they have connected the traditional CEX server rooms to the chain, reminiscent of how people mocked the POS working mechanism when it first gained popularity as a “server chain.” Once they encounter incidents similar to this JELLY event, it undoubtedly exposes their potential “original sin” — the ability to prevent crises lies in centralization, and the ability to quickly pull the plug lies with people. When the programming is still inadequate and the plan fails, it is still humans who leave the tail cut off and press the nuclear self-destruct button.
