Author: Frank, PANews
The Hyperliquid token HYPE set a new high again on August 27, and on the day before, August 26, a meticulously planned 'flash short squeeze' storm swept through the XPL forward contract market on Hyperliquid. In less than an hour, the price candlestick chart was violently pulled out to nearly vertical lines, and countless short traders' accounts instantaneously went to zero while the manipulators made off with over $46 million in huge profits.
This incident quickly caused a stir in the crypto community, intertwining wails, anger, and conspiracy theories. People can't help but ask: was this a chance extreme market fluctuation or a precise 'slaughter' exploiting protocol vulnerabilities? And why does Hyperliquid, at the center of the storm, repeatedly become the perfect hunting ground for whales?
A premeditated 'hunting' operation
This seemingly sudden market crash is actually a meticulously planned hunting operation.
According to on-chain data tracking by Ai Yi, this coordinated attack was executed by at least four core wallet addresses. Among them, the roles and capital deployment of the two main attacking addresses are particularly clear: one is an address starting with 0xb9c0, and the other is the address with the username 'silentraven' on DeBank. The other two addresses played auxiliary roles. The operations of these wallets showed similar actions; between the 23rd and 25th, three addresses transferred large amounts of funds to start going long on XPL. Among them, the main attacking address, 0xb9c0, even preemptively used $11 million in USDC to open long positions in XPL at an average price of around $0.56 on Hyperliquid.
The DeBank username 'silentraven' address established a long position of 21.1 million XPL using $9.5 million of USDT at an average price of $0.56 over the past three days.
These several addresses collectively invested over $20 million, absorbing huge long positions in batches and at different times within almost the same price range. Moreover, several of these addresses clearly only ambushed long positions for XPL after they were created.
Around 5:30 AM on August 26, while most traders in the Asia region were still asleep, the hunting moment quietly arrived.
The address 0xb9c0 transferred an additional $5 million to the Hyperliquid platform. Then it indiscriminately pushed up the price of the token. In a pre-market for XPL that already had extremely thin liquidity, this capital was like a spark thrown into a powder keg, instantly igniting the entire order book. In just a few minutes, the price of XPL skyrocketed from around $0.6 to $1.8, an increase of over 200%.
In this short-term increase, several obvious results will occur. First, most traders will not have time to increase their margin to raise the liquidation price. Second, even the hedging orders with a minimum leverage of 1x can be liquidated. Third, as many short positions are liquidated one by one, the forced buy orders will further push the price up, creating the most terrifying 'short squeeze' phenomenon in the financial market.
Finally, at the peak price stage, the manipulators began to close positions at prices between $1.1 and $1.2. According to Ai Yi, this operation brought the manipulators more than $46 million in profit.
$60 million in wails and the platform's 'indifference'
A feast of capital inevitably comes with the wails of another group of people. When manipulators return loaded with profits, all that is left for other market participants are bloody loss accounts and endless questions.
Crypto KOL @Cbb0fe stated that he allocated 10% of his funds on Hyperliquid for hedging, resulting in a loss of $2.5 million, and he will no longer touch isolated markets.
Other media reported that the maximum loss for a single address was approximately $7 million. However, specific batch address information was not disclosed, so there are questions about it.
However, from the perspective of the manipulators' profits, the maximum profit amount at that time had indeed exceeded $46 million, and it is currently unknown whether there were other undiscovered partners involved in this process.
From the changes in contract holdings, before the attack began, the contract holding amount for XPL on Hyperliquid peaked at $153 million, and then quickly plummeted to $22.44 million, with a reduction of over $130 million; the overall loss for short users is expected to reach $60 million.
This loss even exceeded the maximum floating loss of $11 million caused by the manipulation of the JELLY token in March. Perhaps this time, because the official party did not suffer direct losses, the victims could only silently swallow their bitter losses.
In community discussions, a familiar name has been repeatedly mentioned: Tron founder Justin Sun. Some users pointed out that during this attack, one address had transferred ETH to Justin Sun's associated address years ago, but this action does not directly prove that the address has actual ties to Justin Sun.
After the incident, many users also turned their hopes to Hyperliquid, expecting the platform to provide an explanation or remedial actions. However, this time, Hyperliquid did not violently close profitable orders and directly shut down related accounts as it did when handling the manipulation of JELLY tokens in March. Instead, they responded in the official Discord community, stating that the XPL market experienced severe fluctuations, but Hyperliquid's blockchain operated normally during this period without any technical issues. The liquidation and automatic deleveraging (ADL) mechanisms were executed according to public protocols, and due to the platform's completely isolated margin system, this incident only affected XPL positions, and the protocol did not incur any bad debts.
For many onlookers, it is reasonable not to make adjustments. After all, at the time of XPL's launch, Hyperliquid had already issued warnings about high volatility and risks, and such manipulation was all carried out under market rules.
However, for those who have suffered greatly, such a response seems somewhat cold.
Cause of the tragedy: a fatal collusion of platform, targets, and timing.
Looking back at the entire event, this is not the first time Hyperliquid has experienced similar market manipulation. In this process, it is evident that the manipulators had premeditated and meticulously planned the outcome. On the other hand, it is also closely related to Hyperliquid's own platform design.
First, such short squeeze operations are not uncommon in financial markets and often occur in illiquid, isolated price markets. This operation on Hyperliquid is based on several of Hyperliquid's characteristics: first, the extreme transparency on-chain allows manipulators to calculate the necessary funds to manipulate the market and the effects achieved through publicly available data such as open positions, liquidation prices, and funding rates. Second, Hyperliquid's isolated oracle system, as XPL adopts an independent pricing system on Hyperliquid without relying on external oracles, allows manipulators to freely control prices within this enclosed environment without worrying about the difficulties posed by price balancing from other exchanges.
Additionally, there are many subtleties in the choice of targets for manipulation. This time, the manipulated XPL (and another token WLFI, which had a similar but less exaggerated situation) were both tokens that had not yet been launched, meaning this is a type of 'paper contract', which does not have issues with spot delivery or spot dumping pressure, making them easier to manipulate.
Finally, regarding the timing of the attack. Before the attack, the trading volume of XPL every five minutes was only several hundred thousand tokens, amounting to about $50,000. This was precisely during the weakest period after its launch when trading enthusiasm had waned; such thin liquidity provided attackers with an opportunity to execute market manipulation with minimal capital.
The XPL incident exposed profound structural risks, reminding us to reflect on both the platform and user levels.
From the platform's perspective, the first is the mechanism's vulnerability. Since 2025, Hyperliquid has experienced three market manipulation incidents. Each time, there are almost always some vulnerabilities exposed in Hyperliquid as a decentralized derivatives exchange. The result of these vulnerabilities is repeated damage to ordinary users' funds, while simultaneously weakening Hyperliquid's credibility. In this case, on one hand, it is the enclosed oracle mechanism that caused the siege, and on the other hand, it is the lack of active intervention by the platform's liquidity to suppress prices when abnormal positions appeared.
Secondly, is it more important to treat all evildoers equally or to maintain a decentralized shell? In the JELLY incident, Hyperliquid unhesitatingly initiated on-chain voting, ultimately preserving losses and expelling evildoers. At that time, the reasonable explanation was to protect the platform users' treasury from losses, leading to actions detrimental to decentralization. But in the face of amounts far exceeding losses from the last incident, whether it is because the platform treasury was not harmed or to prevent the decentralized flag from falling again, choosing to ignore it may leave a significant question in users' minds.
Finally, for users, the XPL manipulation incident once again reminds us to be vigilant about liquidity scarcity and isolated markets. In the market, those with extremely low liquidity and lacking spot market anchored forward contracts are often favored 'hunting grounds' for whales. Moreover, lowering leverage and setting stop losses—these age-old trading principles—are never mere empty talk.
