An expert has provided insights into the issues surrounding the JELLY token exploit, which resulted in $10.63 million in losses for the Hyperliquid exchange.
Reactions continue to pour in regarding an exploit that caused users of the Hyperliquid (HYPE) exchange a significant loss of $10.63 million. The common thread in these reactions is a critical view of Hyperliquid’s operational practices.
Dr. Jan Philipp Fritsche, managing director at a security firm, presented his analysis, noting that the exploit wasn’t due to a technical flaw but was rather an anticipated failure that could potentially threaten other DeFi protocols.
The incident involving JELLY seems to be the outcome of coordinated market manipulation by multiple users. Notably, one trader initiated a $5 million short position on JELLY and then withdrew their margin, leaving Hyperliquid exposed. Subsequently, other traders executed a coordinated short squeeze.
“The attacker established significant opposing positions in JELLY, fully aware that one side would collapse while the other profited. Due to the absence of capped payouts and isolated risk, the protocol absorbed the losses, allowing the attacker to walk away with millions,” stated Dr. Jan Philipp Fritsche.
Fritsche characterized the exploit as a “textbook example of unpriced vega risk,” referencing a concept from traditional finance relating to the implied volatility of an asset. He highlighted that many DeFi protocols neglect to factor in this essential risk metric.
Hyperliquid criticized for JELLY incident
This incident has not been the first instance of criticism aimed at Hyperliquid. Following the exploit, the CEO of Bitget described the exchange’s methods as “immature, unethical, and unprofessional,” cautioning that it could lead to a situation reminiscent of FTX.
While Hyperliquid has committed to compensating those affected by the exploit, the toll on its reputation may already be significant. More critically, this event has spotlighted wider vulnerabilities within the decentralized finance landscape.
In 2024, DeFi exploits resulted in $308.7 million in user losses, overshadowing the $192.9 million lost to rug pulls. Merely days after the JELLY exploit, another DeFi protocol, SIR.trading, fell prey to an exploit, losing its entire locked value of $355,000.