On November 13, 2025, Hyperliquid — a decentralized perpetuals exchange on its own L1 — suffered a deliberate grief attack that cost its liquidity vault approximately $4.9 million in bad debt. The attacker did not profit. They spent $3 million to inflict $4.9 million in damage. The attack exploited two interacting weaknesses: excessive leverage allowed on an illiquid token (POPCAT), and Hyperliquid’s HLP vault design, which unconditionally absorbs any bad debt generated by undercollateralized liquidations.
It was Hyperliquid’s third market manipulation attack of 2025, following identical mechanics in March (JellyJelly, ~$12M) and July (HyperVault, ~$3.6M). The protocol had not yet adjusted leverage parameters on illiquid tokens.
Background: Hyperliquid and the HLP Vault
Hyperliquid is a fully on-chain, order-book based perpetuals DEX running on its own L1 (HyperEVM). Unlike most DeFi protocols that rely on AMMs, Hyperliquid operates a central limit order book (CLOB) with on-chain matching.
The HLP (Hyperliquid Provider) Vault is central to the protocol’s design. It serves two functions:
- Market making: HLP LPs deposit USDC to provide liquidity on the order books
- Liquidation backstop: when a position cannot be closed at a price covering its collateral deficit, the HLP vault absorbs the resulting bad debt
This second function is the attack surface. Any event that generates bad debt large enough to overcome the vault’s buffer harms HLP LPs directly.
The attack mechanics
Phase 1 — Capital preparation and wallet distribution
The attacker withdrew approximately $3 million in USDC from OKX (a centralized exchange) and distributed it across 19 separate wallets. This fragmentation served two purposes:
- Bypass position limits: Hyperliquid enforced per-account caps on open interest for individual tokens
- Obscure the coordinated nature: 19 independent-looking accounts building longs is less suspicious than one account building a $20M position
Each wallet opened a long position on POPCAT/USD perpetual with leverage exceeding 10x. Total notional exposure across all 19 wallets: over $20 million.
Why POPCAT?
POPCAT was not a random choice. The token had several properties that made it ideal for this attack:
- Low market cap: small total value, meaning a $20M order has disproportionate price impact
- Thin order book on Hyperliquid: limited organic liquidity to absorb large orders without significant price movement
- High leverage permitted: Hyperliquid allowed >10x leverage on POPCAT despite these liquidity characteristics
- High volatility: makes abnormal price moves appear within the range of normal trading
Phase 2 — Artificial pump
With 19 wallets holding $20M+ in coordinated longs, the attacker placed a large buy order of approximately $20M near $0.21/POPCAT. This order:
- Absorbed the existing sell-side liquidity on the book
- Pushed the POPCAT price upward mechanically
- Attracted external momentum traders who saw a rising market and entered their own longs
- Increased total open interest and made the eventual crash more damaging to third parties
The pump was not intended to generate profit — it was designed to maximize the number of leveraged positions that would be wiped out in the crash.
Phase 3 — Controlled crash and liquidation cascade
The attacker abruptly withdrew all buy-side orders. With no support, the POPCAT price collapsed:
$0.21 → $0.13 (-38% in seconds)Every leveraged long position — including the attacker’s own 19 wallets — passed below their liquidation price. The Hyperliquid engine began processing liquidations sequentially.
The cascade worked as follows:
Price drops sharply
→ Leveraged longs hit liquidation prices
→ Engine closes positions at market price
→ Market price continues falling (liquidation selling pressure)
→ More positions hit their liquidation price
→ RepeatDuring a fast, deep cascade like this, positions are closed at prices well below their initial margin. The shortfall — the bad debt — is whatever cannot be recovered from the position’s collateral.
Phase 4 — HLP vault absorbs the damage
Hyperliquid’s HLP vault is the liquidation backstop of last resort. All bad debt generated by the cascade was transferred to the vault:
| Party | Financial outcome |
|---|---|
| Attacker (19 wallets) | -$3M (all positions liquidated) |
| Third-party longs (external traders) | Liquidated — losses depend on entry prices |
| HLP Vault | -$4.9M (bad debt absorbed) |
| HLP liquidity providers | Proportional loss on vault balances |
The attacker lost their entire $3M stake — deliberately. Their goal was not profit, but protocol damage: financial (bad debt to HLP), reputational (third major attack in 2025), and operational (forced halt of withdrawals and the Arbitrum bridge).
Grief attack economics
This class of attack is worth studying because it defies the standard security model, which assumes attackers are rational profit-seekers:
Attacker cost: $3,000,000
Damage inflicted: $4,900,000
Damage ratio: 1.63xA grief attack is profitable not for the attacker, but for anyone who is short the protocol’s token (HYPE), long a competitor, or seeking to destabilize a rival platform. In competitive DeFi markets, $3M to impose $4.9M in damage and trigger record capital outflows may be an extremely rational expenditure.
The fact that this was Hyperliquid’s third identical attack in 2025 strongly suggests either persistent adversarial targeting or a systemic failure to adjust risk parameters after each incident.
Third attack in 2025: a pattern ignored
| Date | Token | Method | HLP Loss |
|---|---|---|---|
| March 2025 | JellyJelly | Pump & liquidation manipulation | ~$12M |
| July 2025 | Undisclosed | Leverage manipulation | ~$3.6M (HyperVault) |
| Nov 13, 2025 | POPCAT | Multi-wallet pump & crash | ~$4.9M |
After the March JellyJelly incident, Hyperliquid announced parameter adjustments. After the July incident, another round. By November, an identical attack vector was still available on POPCAT — an illiquid token with excessive leverage. The pattern suggests that leverage parameter governance was either too slow, too narrow, or subject to competitive pressure from trading volume.
Root cause analysis
Primary: excessive leverage on illiquid markets
The attack’s feasibility depended on one misconfiguration: >10x leverage on a low-liquidity, low-cap token. Appropriate leverage limits are a function of market depth, not just volatility:
Appropriate max leverage ≈ f(order book depth, daily volume, market cap)For POPCAT at the time of the attack, this formula would have yielded a maximum leverage well below 5x.
Secondary: HLP as uncapped bad debt absorber
The HLP vault has no mechanism to:
- Cap the bad debt it absorbs in a single event
- Socialize losses across a wider set of participants beyond HLP LPs
- Halt absorption when bad debt exceeds a safety threshold
In the absence of these controls, any sufficiently large grief attack will succeed as long as the cost of generating bad debt is less than the damage inflicted.
Tertiary: absence of multi-wallet detection
19 coordinated wallets moving in unison is a detectable behavioral pattern. Real-time anomaly detection — looking for correlated position-building across accounts — could have flagged this activity before the crash was triggered, allowing the team to pause the POPCAT market.
Protocol response
Following the attack, Hyperliquid:
- Halted withdrawals temporarily to stabilize the vault
- Suspended the Arbitrum bridge to prevent capital flight from exacerbating HLP losses
- Announced intent to review leverage parameters across all tokens
The emergency response demonstrated operational capability but underlined the reactive nature of the protocol’s risk management.
What would have stopped this
| Control | Effect |
|---|---|
| Max leverage on POPCAT ≤ 3x | Position size insufficient to generate meaningful bad debt |
| Bad debt circuit breaker | Automatic market halt when HLP loss exceeds threshold |
| Coordinated wallet detection | Flag 19 wallets building correlated positions, pause market |
| Insurance fund | Dedicated bad debt reserve separate from LP capital |
| Position concentration limits by notional | Hard cap on open interest regardless of account count |
Sources
- Halborn — technical analysis: https://www.halborn.com/blog/post/explained-the-hyperliquid-hack-november-2025
- CoinDesk — POPCAT manipulation report: https://www.coindesk.com/markets/2025/11/13/peak-degen-warfare-alleged-popcat-manipulation-hits-hyperliquid-with-usd4-9m-loss
- CCN — third attack 2025: https://www.ccn.com/news/crypto/hyperliquid-attack-popcat-again-5million/
- Yahoo Finance — bad debt details: https://finance.yahoo.com/news/hyperliquid-hit-third-market-manipulation-113215395.html
- Bitget News — HLP pressure: https://www.bitget.com/news/detail/12560605064157
- Gate.com — Hyperliquid risk analysis: https://www.gate.com/crypto-wiki/article/what-are-the-biggest-security-risks-for-hyperliquid-hype-in-2025
- CoinMarketCap — outflows and DPRK allegations: https://coinmarketcap.com/academy/article/hyperliquid-faces-record-outflows-amid-north-korea-hack-allegations