Hyperliquid Faces Crisis Again: From a Feast of Crows to Reflecting on Decentralization

On March 26, the Hyperliquid project experienced the most severe security incident since its establishment. This is the fourth major attack on the project since last November, and the methods used are similar to the previous high-leverage attacks on ETH, but more precise and intense.

The attacker exploited the low liquidity of the Meme token JELLY as an entry point. At 9 PM that evening, the attacker deposited 3.5 million USDC as collateral and opened a short position of 4.08 million dollars in JELLY, reaching the maximum leverage on the platform. At the same time, an address holding a large amount of JELLY sold off, causing the token price to plummet, resulting in profits from the short position.

Subsequently, the attacker quickly withdrew 2.76 million USDC in margin, triggering the platform's automatic liquidation mechanism. Hyperliquid's insurance vault HLP was forced to take over this massive short position. The attacker then reversed the operation, buying a large amount of JELLY in a short period, causing its price to soar several times, resulting in an unrealized loss of over 10.5 million USD for HLP.

As Hyperliquid fell into trouble, certain centralized exchanges quickly intervened. They launched the perpetual contract for JELLY within an hour of the incident, suspected of using their influence to further drive up the token price, exacerbating the losses of HLP.

In response to this crisis, the Hyperliquid Validator Committee urgently passed a vote to delist the JELLY perpetual contract, using the attacker's opening price as the final liquidation price. Although this decision resulted in a profit of $700,000 for HLP, it also exposed the project's shortcomings in terms of Decentralization.

Hyperliquid, as a leading protocol in the on-chain perpetual contract space, accounts for 9% of the global contract trading volume of a major exchange, far exceeding other decentralized exchanges. However, since the project's inception, security incidents have been frequent, facing a major attack almost every month.

This series of events exposed multiple issues with Hyperliquid: margin mechanism, HLP mechanism, and the centralization problems caused by the limited number of validators. At the same time, it also triggered people's reflections on the development direction of decentralized exchanges.

As a decentralized exchange with its own Layer 1, Hyperliquid adopts the architecture design of HyperEVM + HyperCore. HyperCore is equivalent to the matching engine of a centralized exchange, sharing the same consensus layer with HyperEVM. Although this design improves efficiency, it also introduces potential risks, such as inconsistent transaction states, synchronization delays, and other issues.

The HLP vault is the core of the Hyperliquid ecosystem, and its design logic is similar to LP in AMM, but more efficient. However, when faced with attacks, the fixed logic of HLP also becomes its weakness.

Although Hyperliquid has achieved significant results in the field of on-chain perpetual contracts, its path ahead is still fraught with challenges. How to address the issues brought about by Decentralization while maintaining high efficiency will be an important topic for Hyperliquid and the entire decentralized exchange industry to consider.

In the future, the development of decentralized exchanges may need to find a balance between demand and efficiency, while exploring more flexible and secure governance mechanisms. Only in this way can they establish a foothold in competition with centralized exchanges and provide better services to users.