Hyperliquid, a leading decentralized perpetuals exchange built on Arbitrum, suffered a coordinated market manipulation attack targeting its community-owned Hyperliquidity Provider (HLP) vault.
The incident, which unfolded over several hours, resulted in approximately $4.9 million in bad debt for the HLP vault, equivalent to about three months of its prior profits. This marks the third such manipulation event against Hyperliquid in 2025, highlighting vulnerabilities in low-liquidity memecoin perpetuals markets.
Blockchain analytics firms like Lookonchain and Arkham Intelligence tracked the attacker’s actions in real-time, revealing a deliberate strategy to exploit Hyperliquid’s liquidation mechanics. Here’s how it played out: Preparation ?13 Hours prior.
Register for Tekedia Mini-MBA edition 19 (Feb 9 – May 2, 2026): big discounts for early bird.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab: From Technical Design to Deployment (next edition begins Jan 24 2026).
The attacker withdrew $3 million in USDC from the centralized exchange OKX and fragmented it across 19 separate Ethereum wallets. This obfuscation tactic distributed the funds to evade easy tracking and simulate organic trading activity.
Building the Trap (?14:45 CET): The funds were bridged into Hyperliquid via the Arbitrum bridge. Using high leverage up to 10x, the attacker opened massive long positions on POPCAT—a volatile Solana-based memecoin perpetual contract—totaling $20–30 million in exposure.
To artificially inflate the price, they placed a $20–30 million “buy wall” pending buy orders at $0.21, creating the illusion of strong demand and pushing POPCAT’s price upward. Once the price hit the target, the attacker abruptly canceled or pulled the buy orders.
This removed the artificial support, causing POPCAT’s price to crash 43% from $0.21 to $0.12 in minutes. The sudden dump triggered cascading liquidations across the platform, totaling $63 million in wiped positions—including the attacker’s own $3 million in collateral, which they intentionally sacrificed.
HLP Absorption: Hyperliquid’s HLP vault acts as a backstop for liquidations, automatically absorbing uncollateralized losses to maintain platform liquidity. In this case, it inherited the attacker’s underwater $28 million long position on POPCAT, leading to a $4.9 million net loss after manual closure by the Hyperliquid team.
The vault was left holding over $25 million in devalued POPCAT tokens temporarily. The attacker did not profit from the scheme; instead, it appears designed as “degen warfare” to inflict maximum damage on the HLP liquidity providers (LPs), who share the bad debt proportionally.
Hyperliquid’s Response: Temporary Pauses HLP Vault Lock
Deposits and withdrawals to the HLP vault were immediately halted to allow manual position closure and prevent further exposure. An automated safety feature triggered a brief lock on the Arbitrum bridge used for Ethereum-Arbitrum transfers to Hyperliquid, suspending platform-wide deposits and withdrawals for about 25 minutes.
Hyperliquid developer “Iliensinc” confirmed in the project’s Discord: “The Arbitrum bridge’s automatic locking was triggered by a conservative set of conditions… Funds are safe. The Hyperliquid blockchain itself was not impacted and experienced no downtime.”
All pauses were lifted shortly after, with trading resuming normally. No user funds were lost beyond the HLP’s bad debt, and the platform’s native token HYPE dipped briefly below $38 before rebounding to $38.80. Hyperliquid has not issued a formal statement directly linking the event to the pauses, but on-chain data and community updates confirm the timeline.
The memecoin itself saw anomalous volatility but recovered partially, as organic spot market bids on Solana provided some floor. However, the incident underscores risks in thin-liquidity perps for memecoins. Liquidity providers in the vault face diluted returns due to the loss. This event echoes prior attacks, like a $12 million unrealized hit from JELLYJELLY manipulation in March 2025.
Hyperliquid remains the top DEX by open interest, but repeated incidents have sparked discussions on X about enhancing anti-manipulation measures, such as tighter leverage caps for low-liquidity pairs or improved oracle feeds.
This attack highlights ongoing “crime season” in DeFi perps, where thin order books and automated liquidations can be weaponized. Hyperliquid users should monitor official channels for any fee adjustments or compensation proposals.