Attacker Burns $3M to Trigger $4.9M Loss for Hyperliquid’s HLP Vault

A coordinated attack on Hyperliquid wiped out nearly $5 million from the protocol’s Hyperliquidity Provider (HLP) vault, when an unknown trader burned through $3 million in capital to manipulate the POPCAT market and trigger cascading liquidations. 

Blockchain analytics company Lookonchain shared on Thursday that it all started when the attacker withdrew 3 million USDC (USDC) from the OKX crypto exchange and split the funds into 19 fresh wallets. The trader then funneled the assets into Hyperliquid to open over $26 million in leveraged longs tied to HYPE, the platform’s POPCAT-denominated perpetual contract. 

After this, the trader built a $20 million buy wall near the $0.21 price point. This became an artificially created signal of strength that pushed the market upward before the orders were cancelled. When the wall collapsed, liquidity thinned as price support vanished. 

This meant that dozens of highly leveraged positions were forced into liquidation, and HLP absorbed these losses. Hyperliquid’s vault showed a $4.9 million loss in the aftermath, one of the largest single-event hits incurred by the platform since its launch. 

Related: Sour crypto mood could fuel an unexpected rally this month: Santiment

Hyperliquid market manipulator burns millions “for the plot” 

While the attacker caused damage to Hyperliquid, the event revealed that the market manipulator’s own $3 million capital was completely wiped out. This suggested that the attacker’s goal was structural damage rather than profit.

The sequence represented a clear example of a trader intentionally setting fire to their own capital to shock an onchain derivatives venue, exploit its liquidity architecture and stress-test the limitations of an automated liquidity provider vault. 

The event differentiated itself from typical market manipulation incidents because the attacker did not exit the event with a profit.

Instead, the trade structure suggested that the goal was to create artificial liquidity and collapse it to drag Hyperliquid’s vault into the liquidation cascade. 

Onlookers reacted to the move with varying sentiments. A community member speculated that the $3 million was hedged, suggesting that the attacker had positions locked in elsewhere. Another X user described the event as the “costliest research ever.” 

Another community member suggested that the event was not an attack, but rather a $3 million performance art piece. “Only in crypto do villains burn millions for the plot,” the X user wrote. 

Meanwhile, a community member described it as “peak degen warfare,” where an attacker exploited the automated liquidity provider’s absorption.

The X user said this was a reminder that perp markets without sturdy liquidity buffers are open season for anyone willing to “light money on fire.” 

Hyperliquid temporarily pauses withdrawals

On Thursday, community member jconorgrogan reported that the Hyperliquid bridge had stopped processing withdrawals. 

The developer said that the contract was paused using the “vote emergency lock” function, indicating that the team had initiated precautionary measures against potential manipulation.

After about an hour, the developer reported that the platform started processing withdrawals again. 

Hyperliquid did not issue any official announcements linking the POPCAT incident to the temporary freeze on withdrawals.

Magazine: If the crypto bull run is ending… it’s time to buy a Ferrari: Crypto Kid