Holy Hack! JELLY Token Exploit Drains $10.63M from Hyperliquid - Expert Spills the Beans

Hold onto your hats, folks! An expert from Oak Security just dropped the bombshell on what the heck went wrong with the JELLY token exploit that left Hyperliquid exchange reeling from a $10.63 million hit!

People are still reeling from the exploit that slammed Hyperliquid (HYPE) exchange's users with a whopping $10.63 million in losses. And guess what? Everyone's pointing fingers at Hyperliquid's shady practices!

Dr. Jan Philipp Fritsche, the big boss at Oak Security, just laid it all out for us. Brace yourselves, because according to Fritsche, this wasn't some random bug. Nope, it was a predictable failure that could shake up other DeFi protocols too!

Get this: the JELLY exploit was like a perfectly choreographed dance of market manipulation by a bunch of slick traders. One daring trader opened a $5 million short position on JELLY, then pulled the rug by removing their margin. Hyperliquid was left holding the bag, and then bam! Other traders swooped in for a short squeeze that left everyone's heads spinning.

"The attacker opened massive opposing positions in JELLY, knowing that one side would collapse and the other would cash out. Because payouts weren't capped and risk wasn't isolated, the protocol ate the loss—and the attacker walked away with millions," Dr. Jan Philipp Fritsche, Oak Security

Fritsche called this exploit a "textbook example of unpriced vega risk", a fancy term from the world of traditional finance that's all about an asset's implied volatility. And get this: he says a lot of DeFi protocols are still sleeping on this crucial risk metric!

Hyperliquid in the Hot Seat Over JELLY Exploit

This isn't the first time Hyperliquid's been called out over the Jelly incident. Bitget CEO Gracy Chen didn't hold back, slamming the exchange's practices as "immature, unethical, and unprofessional," and warning that it could be the next FTX 2.0!

Sure, Hyperliquid's promised to make things right for the users hit by the exploit, but the damage to their rep might be beyond repair. More importantly, this exploit's shining a spotlight on the bigger picture: the vulnerabilities lurking in the world of decentralized finance.

In 2024 alone, DeFi exploits have cost users a staggering $308.7 million in losses, outpacing even rug pulls, which racked up $192.9 million. And just days after the Jelly exploit, another DeFi protocol, SIR.trading, got hit with an exploit that wiped out all of its $355,000 in total value locked!