🚨 Case Analysis | Hyperliquid suffers a deliberate 'leverage flash crash' attack, resulting in a loss of $4.9 million
In November, attackers orchestrated a targeted strike on the POPCAT market of the derivatives protocol Hyperliquid.
🔍 Attack Method:
Layout: Using 19 wallets, a principal of $3 million was used to establish a long position of $20-30 million with 5x leverage on the platform.
Manipulation: Simultaneously placing a large number of buy orders to create a false impression of strong buying pressure to support the price.
Detonation: Suddenly withdrawing all supporting buy orders, causing the POPCAT price to flash crash and triggering a chain liquidation of its own positions.
Pass-through: Due to insufficient market depth, the HLP (Liquidity Provider) pool within the protocol was forced to take on bad debts, ultimately resulting in a loss of $4.9 million.
💡 Essence and Warning:
This is a typical 'economic model attack'. The attackers did not exploit code vulnerabilities but maliciously leveraged the protocol's own leverage, liquidation, and liquidity pool rules to systematically transfer risk to the protocol and all liquidity providers.
It warns all DeFi projects, especially derivatives protocols: Risk control must be able to identify and defend against these complex trading strategies conducted within the rules, with clear fraudulent intent.
