In March 2026, a single whale turned Hyperliquid's own liquidation engine into a $6.26 million ATM. The weapon? A low-liquidity meme coin called JELLY, a carefully sized position, and an intimate understanding of how perp DEX liquidation mechanics actually work under stress.
This wasn't a smart contract bug. It wasn't an oracle exploit in the traditional sense. It was a game-theoretic attack on the liquidation mechanism itself — and it's a pattern that threatens every perpetual DEX that hasn't hardened against it.
Let's dissect exactly how it worked, why it keeps happening, and how to build liquidation systems that don't become weapons.
The Anatomy of a Liquidation Manipulation
How the JELLY Attack Worked
Step 1: Choose Your Weapon
The attacker identified JELLY — a meme coin with thin order book depth on Hyperliquid. Total on-chain liquidity: under $500K at any price level.
Step 2: Build the Trap
Open a massive short position on JELLY perpetuals — far larger than the underlying spot market can absorb. The position size was deliberately chosen to exceed the protocol's Hyperliquidity Provider (HLP) vault's capacity to efficiently liquidate.
Step 3: Trigger the Cascade
Buy JELLY on spot markets across multiple venues, driving the price up. With thin liquidity, even modest buying pressure created 200%+ price moves.
Step 4: Force the Liquidation Engine's Hand
As JELLY's price pumped, the attacker's short position moved deep underwater. When it hit the liquidation threshold, Hyperliquid's automated liquidation system (HLP vault) was forced to take over the position — inheriting a massive short at a terrible price.
Step 5: Extract Value
The HLP vault, now holding a toxic short, had to close it by buying JELLY at the inflated price. The attacker, holding both the spot JELLY and a now-profitable long position, extracted $6.26M.
Attacker's P&L:
├── Short JELLY perp: -$X (liquidated, transferred to HLP)
├── Long JELLY spot: +$Y (sold into HLP's forced buying)
├── Long JELLY perp: +$Z (new position, riding the pump)
└── Net profit: $6.26M
Why This Keeps Happening
This exact pattern has played out repeatedly:
| Incident | Date | Loss | Mechanism |
|---|---|---|---|
| Hyperliquid JELLY | Mar 2026 | $6.26M | Liquidation engine manipulation |
| Hyperliquid HLP | Nov 2025 | $4.9M | Liquidity pool design exploit |
| Hyperliquid whale | Mar 2025 | $4M (HLP) | High-leverage liquidation gaming |
| Mango Markets | Oct 2022 | $114M | Oracle + liquidation manipulation |
| Venus THE | Mar 2026 | $3.7M | Illiquid collateral + donation attack |
The common thread: the protocol's own risk management system becomes the exit liquidity.
The Five Fatal Flaws in Perp DEX Liquidation Design
Flaw 1: Static Open Interest Caps
Most perp DEXs set maximum open interest per market as a static parameter. But markets don't have static liquidity.
// ❌ VULNERABLE: Static OI cap
contract PerpMarket {
uint256 public maxOpenInterest = 10_000_000e18; // $10M fixed
function openPosition(uint256 size) external {
require(totalOpenInterest + size <= maxOpenInterest, "OI cap");
// ... open position
}
}
// ✅ SECURE: Dynamic OI cap based on real liquidity
contract PerpMarketSecure {
ILiquidityOracle public liquidityOracle;
uint256 public oiToLiquidityRatio = 3; // Max 3x spot liquidity
function maxOpenInterest(address market) public view returns (uint256) {
uint256 spotLiquidity = liquidityOracle.getDepth(market, 500); // 5% depth
return spotLiquidity * oiToLiquidityRatio;
}
function openPosition(address market, uint256 size) external {
require(
totalOpenInterest[market] + size <= maxOpenInterest(market),
"OI exceeds liquidity-adjusted cap"
);
// ... open position
}
}
Flaw 2: Uniform Liquidation Penalties
When every liquidation pays the same percentage penalty regardless of market conditions, liquidation becomes predictable and exploitable.
// ❌ VULNERABLE: Flat liquidation fee
uint256 constant LIQUIDATION_FEE = 50; // 0.5% always
// ✅ SECURE: Dynamic fees based on market stress
function getLiquidationFee(address market) public view returns (uint256) {
uint256 utilizationRate = totalOpenInterest[market] * 1e18
/ maxOpenInterest(market);
uint256 volatility = getRecentVolatility(market);
// Base fee + utilization premium + volatility premium
uint256 fee = BASE_FEE
+ (utilizationRate * UTILIZATION_MULTIPLIER / 1e18)
+ (volatility * VOLATILITY_MULTIPLIER / 1e18);
return fee > MAX_FEE ? MAX_FEE : fee;
}
Flaw 3: Transparent Liquidation Levels
On-chain perp DEXs expose every position's liquidation price. This creates a liquidation hunting ground.
# Attacker's liquidation hunting script
async def find_liquidation_targets(market: str):
positions = await fetch_all_positions(market)
for pos in positions:
liq_price = pos['liquidation_price']
current_price = await get_price(market)
distance = abs(current_price - liq_price) / current_price
if distance < 0.05: # Within 5% of liquidation
cost_to_push = estimate_market_impact(
market,
target_price=liq_price,
direction='long' if pos['side'] == 'short' else 'short'
)
liquidation_reward = pos['size'] * LIQUIDATION_FEE
if liquidation_reward > cost_to_push * 1.5: # 50% profit margin
print(f"TARGET: {pos['address']} - Cost: ${cost_to_push}, Reward: ${liquidation_reward}")
Defense: Delayed position disclosure or ZK-proven liquidation levels
Some next-gen perp DEXs are exploring encrypted order books where liquidation levels are only revealed when they're actually triggered, using ZK proofs to verify margin requirements without exposing exact levels.
Flaw 4: Single-Source Price Feeds
If the liquidation engine relies on a single price source, manipulating that source manipulates liquidations.
// ✅ SECURE: Multi-source price with manipulation resistance
contract RobustOracle {
uint256 constant MAX_DEVIATION = 200; // 2% max deviation between sources
uint256 constant STALENESS_THRESHOLD = 60; // 60 seconds
struct PriceSource {
address oracle;
uint256 weight;
}
PriceSource[] public sources; // Chainlink, Pyth, TWAP, etc.
function getPrice(address token) external view returns (uint256) {
uint256[] memory prices = new uint256[](sources.length);
uint256 validCount;
for (uint256 i = 0; i < sources.length; i++) {
(uint256 price, uint256 timestamp) = IOracle(sources[i].oracle)
.getPrice(token);
if (block.timestamp - timestamp < STALENESS_THRESHOLD) {
prices[validCount] = price;
validCount++;
}
}
require(validCount >= 2, "Insufficient valid price sources");
// Median price (manipulation-resistant)
uint256 median = _calculateMedian(prices, validCount);
// Reject if any source deviates >2% from median
for (uint256 i = 0; i < validCount; i++) {
uint256 deviation = _percentDiff(prices[i], median);
require(deviation <= MAX_DEVIATION, "Price source deviation too high");
}
return median;
}
}
Flaw 5: No Liquidation Rate Limiting
When the liquidation engine processes all liquidations atomically, a cascade can drain the insurance fund in a single block.
// ✅ SECURE: Rate-limited liquidation with circuit breaker
contract LiquidationEngine {
uint256 public liquidationsThisEpoch;
uint256 public epochStart;
uint256 constant EPOCH_DURATION = 60; // 1 minute epochs
uint256 constant MAX_LIQUIDATIONS_PER_EPOCH = 10;
uint256 constant INSURANCE_FUND_THRESHOLD = 20; // 20% minimum
function liquidate(address account) external {
// Circuit breaker: pause if insurance fund depleted
uint256 fundRatio = insuranceFund.balance * 100 / totalOpenInterest;
require(fundRatio > INSURANCE_FUND_THRESHOLD, "Circuit breaker: fund depleted");
// Rate limiting per epoch
if (block.timestamp > epochStart + EPOCH_DURATION) {
epochStart = block.timestamp;
liquidationsThisEpoch = 0;
}
require(
liquidationsThisEpoch < MAX_LIQUIDATIONS_PER_EPOCH,
"Liquidation rate limit reached"
);
liquidationsThisEpoch++;
_executeLiquidation(account);
}
}
Solana Perp DEX Considerations
Solana's architecture introduces unique liquidation challenges:
// Anchor: Liquidation with Solana-specific guards
use anchor_lang::prelude::*;
#[program]
pub mod perp_liquidation {
use super::*;
pub fn liquidate_position(
ctx: Context<Liquidate>,
max_close_amount: u64,
) -> Result<()> {
let market = &ctx.accounts.market;
let position = &mut ctx.accounts.position;
let oracle = &ctx.accounts.oracle;
// Guard 1: Verify oracle freshness (Solana slot-based)
let clock = Clock::get()?;
let oracle_slot = oracle.last_update_slot;
require!(
clock.slot - oracle_slot <= 10, // Max 10 slots stale (~4 seconds)
ErrorCode::StaleOracle
);
// Guard 2: Cross-reference Pyth confidence interval
let price_feed = get_pyth_price(oracle)?;
require!(
price_feed.conf * 100 / price_feed.price < 2, // <2% confidence band
ErrorCode::OracleUncertain
);
// Guard 3: Position concentration check
let position_pct = position.size * 10000 / market.total_open_interest;
if position_pct > 500 { // >5% of OI
// Large position: use TWAP, not spot price
let twap = market.get_twap(300)?; // 5-minute TWAP
require!(
is_liquidatable_at_price(position, twap),
ErrorCode::NotLiquidatableAtTWAP
);
}
// Guard 4: Rate limit per market per slot
require!(
market.liquidations_this_slot < MAX_LIQUIDATIONS_PER_SLOT,
ErrorCode::LiquidationRateLimited
);
execute_liquidation(ctx, max_close_amount)?;
Ok(())
}
}
The Defense Checklist: Perp DEX Liquidation Security
Architecture Layer
- [ ] Open interest caps are dynamic, tied to real-time spot liquidity depth
- [ ] Liquidation penalties scale with market stress (utilization + volatility)
- [ ] Insurance fund has circuit breakers that pause liquidations at critical thresholds
- [ ] Liquidation rate limiting prevents cascade drain in single block/slot
Oracle Layer
- [ ] Minimum 2 independent price sources with median aggregation
- [ ] Staleness checks appropriate to chain finality (blocks for EVM, slots for Solana)
- [ ] Confidence interval validation (reject wide spreads)
- [ ] TWAP fallback for large position liquidations
Position Risk Layer
- [ ] Per-account position size limits relative to market liquidity
- [ ] Concentration limits (no single position >X% of total OI)
- [ ] Cross-margin calculations account for correlated assets
- [ ] New market listings have conservative initial parameters
Monitoring Layer
- [ ] Real-time alerts for unusual OI concentration
- [ ] Insurance fund balance monitoring with automatic parameter tightening
- [ ] Cross-venue price divergence detection
- [ ] Large position opening alerts (>1% of market OI)
The Bigger Picture
The Hyperliquid incidents reveal a fundamental tension in perp DEX design: the more transparent and trustless the system, the more game-theoretically exploitable it becomes.
Traditional centralized exchanges solve this with circuit breakers, position limits, and the ability to freeze accounts — all of which violate DeFi's core principles. The challenge for perp DEX builders in 2026 is finding the sweet spot: enough transparency to be trustless, enough safeguards to prevent the protocol from eating itself.
The protocols that survive will be the ones that treat their liquidation engine not as a simple margin-call system, but as a game-theoretic battleground that needs to be hardened against adversarial players with perfect information and unlimited creativity.
This article is part of the DeFi Security Research series. Follow for weekly deep-dives into smart contract vulnerabilities, audit tools, and security best practices.
Top comments (0)