One trader VS. Hyperliquid’s HLP vault.
$4M gone. No bug. No exploit. Just a brutal game of liquidity mechanics.
Here’s how they pulled it off. 🧵👇
$4M gone. No bug. No exploit. Just a brutal game of liquidity mechanics.
Here’s how they pulled it off. 🧵👇
1/ What Happened?
A trader turned $10M USDC into a $271M ETH long using high leverage, then withdrew collateral, forcing HLP to take the trade.
They walked away with $1.8M profit, while HLP ate a $4M loss.
Here’s how it worked ⬇️
A trader turned $10M USDC into a $271M ETH long using high leverage, then withdrew collateral, forcing HLP to take the trade.
They walked away with $1.8M profit, while HLP ate a $4M loss.
Here’s how it worked ⬇️
2/ Step 1: The Setup
If you’re trading with massive size, you have a problem: How do you exit without tanking your own position?
Market selling = slippage = killing your own trade.
This trader found a way to offload everything, without dumping on themselves.
If you’re trading with massive size, you have a problem: How do you exit without tanking your own position?
Market selling = slippage = killing your own trade.
This trader found a way to offload everything, without dumping on themselves.
3/ Step 2: The Withdrawal Play
Instead of selling ETH into order books, the trader withdrew collateral, lowering margin and forcing Hyperliquid to liquidate them.
HLP—the protocol’s liquidity vault, took on the $286M ETH long, leaving it exposed.
Instead of selling ETH into order books, the trader withdrew collateral, lowering margin and forcing Hyperliquid to liquidate them.
HLP—the protocol’s liquidity vault, took on the $286M ETH long, leaving it exposed.
4/ Step 3: The Perfect Short Hedge
The trader knew HLP’s forced selling would push ETH down, so they played both sides.
By hedging on another exchange (e.g Binance), they let HLP absorb the long while they profited on the short.
No accident, just a calculated trade.
The trader knew HLP’s forced selling would push ETH down, so they played both sides.
By hedging on another exchange (e.g Binance), they let HLP absorb the long while they profited on the short.
No accident, just a calculated trade.
5/ Was This an Exploit?
Hyperliquid says no. HLP isn’t forced to take the other side like GLP, and other MMs joined the liquidation.
HLP lost "only" $4M, roughly one month’s profit, but it wasn’t system-breaking. The vault remains net positive.
Hyperliquid says no. HLP isn’t forced to take the other side like GLP, and other MMs joined the liquidation.
HLP lost "only" $4M, roughly one month’s profit, but it wasn’t system-breaking. The vault remains net positive.
6/ Why HLP Took a $4M Loss
HLP isn’t one vault, it’s three:
1️⃣ HLP Liquidator — buys liquidated positions
2️⃣ HLP Strategy A — $145M ETH short
3️⃣ HLP Strategy B — $145M ETH short
On the UI, you only see the net position.
When the whale was liquidated:
✅ HLP Liquidator went long $290M ETH
✅ Strategy A & B shorted to hedge
❌ They couldn’t match the exact entry price → $4M slippage loss
It wasn’t socialized losses, it was execution slippage.
HLP isn’t one vault, it’s three:
1️⃣ HLP Liquidator — buys liquidated positions
2️⃣ HLP Strategy A — $145M ETH short
3️⃣ HLP Strategy B — $145M ETH short
On the UI, you only see the net position.
When the whale was liquidated:
✅ HLP Liquidator went long $290M ETH
✅ Strategy A & B shorted to hedge
❌ They couldn’t match the exact entry price → $4M slippage loss
It wasn’t socialized losses, it was execution slippage.
7/ Not the First Time Hyperliquid Got Targeted
In June 2023, an attacker manipulated SNX prices on CEXs to exploit HLP, walking away with $37K USDC.
HLP had to quickly adjust its pricing models to prevent future attacks.
In June 2023, an attacker manipulated SNX prices on CEXs to exploit HLP, walking away with $37K USDC.
HLP had to quickly adjust its pricing models to prevent future attacks.
8/ Could This Happen Again?
Hyperliquid has already reacted:
🔹 Max leverage lowered to 40x (BTC) and 25x (ETH)
🔹 Higher margin requirements for large positions
🔹 Likely more HLP risk adjustments coming
But here’s the real question ⬇️
Should protocols rely on liquidations when the smartest traders can front-run them?
Hyperliquid has already reacted:
🔹 Max leverage lowered to 40x (BTC) and 25x (ETH)
🔹 Higher margin requirements for large positions
🔹 Likely more HLP risk adjustments coming
But here’s the real question ⬇️
Should protocols rely on liquidations when the smartest traders can front-run them?
9/ Final Takeaway: The Edge Is in the Rules
This wasn’t a code exploit, if anything, it was a mechanism exploit.
Traders don’t break smart contracts but they can still break protocols.
This wasn’t a code exploit, if anything, it was a mechanism exploit.
Traders don’t break smart contracts but they can still break protocols.
10/ What do you think?
Just smart trading, or should @HyperliquidX change its system to prevent this?
Reply below. 👇
Just smart trading, or should @HyperliquidX change its system to prevent this?
Reply below. 👇
At Three Sigma, We Secure Web3 Projects — Discover How Our Smart Contract Audits Protect Your Code and Your Future, Today. threesigma.xyz/smart-contract…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
