At around 5:30 AM today, a meticulously planned on-chain hunt unfolded in the early hours.
On Hyperliquid, XPL soared from $0.6 to $1.8 at a rocket-like speed in a short time (note that during the same period, the contract price on Binance did not fluctuate violently), which directly caused a large number of short positions that were hedging the BN-HL rate difference to be liquidated, resulting in total loss.
According to statistics, this attack caused losses exceeding $17.67 million. Whether or not it was orchestrated by Sun Ge remains unclear, but the lessons it leaves, shocking as they are, still deserve a careful review.
1. On-site Replay: How the Hunt Took Place
Firstly, it should be clear that this incident did not exploit a technical vulnerability. It was a deep understanding and extreme exploitation of market mechanics, commonly referred to as 'oracle manipulation'.
Select the prey and wait for the opportunity.
The chosen target for this hunt — XPL — is a token with special characteristics. It is traded on Hyperliquid in the form of pre-market contracts, while there is no spot trading on mainstream CEX, meaning its liquidity is extremely poor. This is precisely the core attribute that made it a qualifying target.
Now let's talk about Hyperliquid's liquidation mechanism, which uses a 'mark price' produced by a blended calculation that combines the weighted prices of external CEXs with the state of the platform's own order book.
This blended price model aims to make the liquidation price more robust and less sensitive to a single instantaneous price swing. For a token with extremely poor liquidity, however, the latest order-book trade price can carry an abnormally large weight in the mark price, which is what makes manipulation technically feasible.
Meticulously laid out, leading the target into the trap.
Before the attack was launched, a large number of users, including those arbitraging the Binance-Hyperliquid funding rate difference and those who were using spot holdings to hedge short contracts, became the attackers' targets.
These users believed that because they held corresponding long positions on a CEX or on-chain, their overall position was delta neutral even if the price on Hyperliquid fluctuated, and so they let their guard down. Little did they know that they had already walked into the attacker's trap.
Violent price surge, triggering liquidation
Once everything was ready, the attacker swept the XPL order book on Hyperliquid in a very short time with one or several large buy orders. Because XPL's liquidity was extremely poor, this buying instantly and violently pushed the price up. At this moment:
1) The explosive rise in the order-book price directly caused Hyperliquid's mark price (which at this point was almost equal to the order-book price) to surge instantly.
2) The mark price crossed the liquidation threshold, triggering the liquidation of a large number of short positions. Hyperliquid's liquidation engine then executed automatic buy orders to close those shorts.
3) The liquidation engine's buying further increased buying pressure in the market, pushing the price higher still and triggering even more short liquidations.
Thus, a terrifying 'liquidation positive feedback loop' was formed. Price surges — triggering liquidation — liquidation engine buys — price further surges — triggering more liquidations…
In the end, even those users who used 1x leverage to short for hedging, and those who added extra margin, did not escape disaster; their positions were instantly liquidated, resulting in heavy losses, even total loss.
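A toy simulation of the blended mark price described earlier and of the feedback loop in points 1) to 3), added here as an illustration; it is not code from the original post or from Hyperliquid, and the blend formula, margin rule, order book and positions are constructed assumptions. It runs the same attacker sweep against a book-dominated mark price and a CEX-dominated one, so the effect of the weighting on the cascade can be seen directly.

```python
# Toy simulation of the mark-price liquidation cascade described above.
# The blend formula, margin rule, order book and positions are constructed
# assumptions, not Hyperliquid's real parameters.

# Constructed thin ask book for an illiquid pre-market token: (price, size in tokens).
ASKS = [(0.60, 20_000), (0.65, 10_000), (0.80, 6_000), (1.00, 4_000),
        (1.30, 3_000), (1.80, 2_000), (2.50, 2_000)]
CEX_PRICE = 0.60     # external reference price, assumed flat during the event
MAINT_MARGIN = 0.05  # assumed maintenance-margin fraction
# Constructed hedged shorts: (entry price, leverage, size in tokens).
SHORTS = [(0.60, 10, 8_000), (0.60, 3, 6_000), (0.60, 1, 5_000)]

def liq_price(short):
    """Assumed rule: a short is liquidated once price rises by (1/leverage - maintenance)."""
    entry, leverage, _ = short
    return entry * (1 + 1 / leverage - MAINT_MARGIN)

def sweep(asks, qty):
    """Market-buy qty tokens through the asks; returns (last fill price, remaining asks)."""
    last = None
    for i, (price, size) in enumerate(asks):
        if qty <= 0:
            return last, asks[i:]
        if qty < size:
            return price, [(price, size - qty)] + asks[i + 1:]
        qty -= size
        last = price
    return last, []  # book exhausted: the last level is all the "price" that is left

def mark_price(book_price, book_weight):
    """Blend of the external CEX price and the platform's own last book price."""
    return (1 - book_weight) * CEX_PRICE + book_weight * book_price

def run_cascade(attacker_qty, book_weight, asks=ASKS, shorts=SHORTS):
    """Attacker sweeps the book, then the liquidation engine's buybacks feed on themselves.
    Returns (final mark price, list of liquidated shorts in order of liquidation)."""
    book_price, asks = sweep(asks, attacker_qty)
    mark = mark_price(book_price, book_weight)
    open_shorts, liquidated = list(shorts), []
    while True:
        hit = [s for s in open_shorts if mark >= liq_price(s)]
        if not hit:
            return mark, liquidated
        liquidated += hit
        open_shorts = [s for s in open_shorts if s not in hit]
        # The engine closes each short by buying its size at market, lifting the book further.
        new_price, asks = sweep(asks, sum(s[2] for s in hit))
        book_price = new_price if new_price is not None else book_price
        mark = mark_price(book_price, book_weight)

if __name__ == "__main__":
    for weight in (0.9, 0.2):  # book-dominated mark vs. CEX-dominated mark
        mark, gone = run_cascade(31_000, weight)
        print(f"book_weight={weight}: final mark {mark:.2f}, "
              f"liquidated leverages {[s[1] for s in gone]}")
```

With the book-dominated weight the same 31,000-token sweep takes the mark from 0.60 past 2.30 and liquidates every short, including the 1x hedge; with the CEX-dominated weight the mark stops near 0.68 and only the 10x short is lost.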
2. DEX: Unwitting Accomplices
So, why did this attack occur on a DEX like Hyperliquid rather than on a CEX like Binance? In fact, its success was not accidental; it rested on the following differences:
Differences in price discovery mechanisms.
CEXs primarily rely on their own deep internal order books for price discovery. Their mark prices are mainly based on internal prices, with little reliance on external prices. DEXs, especially perpetual contract DEXs, often rely on external oracles to obtain spot prices. When the oracle data source itself has weaknesses (such as a lack of valid data) or can be manipulated from inside the platform's own market, attackers get an opening.
Differences in risk control mechanisms.
CEXs have centralized risk control teams and strong circuit breakers. If prices move abnormally and without basis, a CEX can immediately suspend trading and even intervene manually to keep the market from spiraling out of control. A DEX's risk control is automated and relies entirely on smart contract code. Code has no discretion: once attackers find a weakness, it will be ruthlessly exploited.
Differences in liquidity management.
CEXs take stricter risk control measures when listing new or low-liquidity tokens, such as setting very low leverage limits (or offering no leverage at all) to limit users' risk exposure. On Hyperliquid, the leverage multiple for XPL could be as high as 10x, giving attackers room to amplify the effect of their attack.
It can be said that Hyperliquid's mechanism, when dealing with tokens like XPL, failed to fully account for potential extreme situations, leaving room for attackers and becoming an unwitting accomplice.
3. Survival Guide: How Retail Investors Can Protect Themselves
This bloody lesson not only exposed the inadequacies of a specific DEX's mechanisms but also sounded the alarm for all retail investors. So, as ordinary investors, how should we guard against such attacks?
Recognize market liquidity, be cautious with high leverage.
In any market, liquidity is a trader's lifeline. Before trading any token, first confirm whether its liquidity is sufficient, especially in high-risk markets like perpetual contracts. If a token has no depth on mainstream CEXs, it is a high-risk minefield on any DEX.
For low-liquidity tokens, avoid high leverage. Even a 1x leverage hedge can fail in such extreme situations. Hedging relies on a stable reference price; if the reference price itself can be manipulated, hedging loses its meaning.
Understand the liquidation mechanism of the protocol you are using.
Do not blindly believe that 'decentralized' means 'safe'. Every DeFi protocol has its own risks and operating mechanisms. Before trading, be sure to take the time to read the project's official documentation and understand its liquidation mechanism, oracle model, and risk management measures.
Be wary of 'pre-market contracts' and non-mainstream tokens.
'Pre-market contracts' are themselves a high-risk product. Their tokens have not been adequately priced by the market, so their prices swing widely and are easily manipulated. Unless you know such projects deeply and can bear a total loss, it is better to keep your distance.
Diversify risks, do not put all your eggs in one basket.
One lesson from this incident is that even seemingly 'safe' hedging strategies can fail because of flaws in a platform's mechanisms. Diversifying funds across different platforms and assets is the most basic way to guard against black swan events.
In summary, decentralized finance brings us unprecedented freedom and opportunities, but freedom always comes with responsibility and risk.
In the world of DEX, there is no central bank to rescue the market, nor is there a risk control team to intervene. What you face is pure, ruthless code and rules. Therefore, staying vigilant at all times, understanding and respecting the operation principles of the tools you use is the best way to survive.