Jelly-My-Jelly Token Pumps 400% in Hyperliquid Exploit

On March 26, the decentralized finance (DeFi) sector witnessed a significant exploit involving the Jelly-my-Jelly (JELLY) memecoin on the Hyperliquid exchange. The incident unfolded over a few hours, resulting in a short squeeze that saw the token's price pump by 400% before the market was shut down. The exploiter deposited $7 million across three separate Hyperliquid accounts, taking leveraged positions on the illiquid JELLY token. Two accounts took long positions of $2.15 million and $1.9 million, while the third took a $4.1 million short position to balance the others out. As the price of JELLY increased, the short position was liquidated but was too large to be handled normally, passing it to the Hyperliquidity Provider Vault (HLP). The exploiter then began to withdraw funds, but Hyperliquid restricted their accounts, leading the exploiter to sell their remaining JELLY position.

Hyperliquid announced the delisting of perpetual futures trading for the JELLY token, citing evidence of suspicious market activity. The exchange stated that all users, except for flagged addresses, would be compensated from the Hyper Foundation based on onchain data. The HLP, which had taken a hit from the long positions, reported a positive net income of $700,000 over the last 24 hours. Hyperliquid acknowledged the need for technical improvements and expressed confidence in the network's growth following the incident.

Market observers criticized Hyperliquid's handling of the situation. The CEO of a major exchange, Gracy Chen, described the exchange's actions as immature, unethical, and unprofessional, suggesting that it could become the next FTX. Chen highlighted the dangerous precedent set by closing the Jelly market and settling positions at a favorable price. Alvin Kan, the chief operating officer of a prominent wallet service, emphasized the volatility of hype-based price action in DeFi, noting that sustainable platforms require fundamentals rather than speculation. Arthur Hayes, the founder of a leading crypto derivatives exchange, implied that reactions to the Jelly incident were overblown, questioning the decentralized nature of Hyperliquid and the concern of traders.

The incident serves as a reminder of the ongoing challenges in the DeFi sector, particularly regarding oversight and security. The Bybit hack in February, which saw North Korean hackers steal $1.4 billion, underscores the vulnerabilities in the space. The JELLY exploit on Hyperliquid adds to the list of significant incidents, highlighting the need for improved security measures and regulatory frameworks. Despite the criticism, it remains to be seen whether the DeFi community will push for greater oversight or continue to operate in a largely unregulated environment.

The true irony of the exploit is that it appears everyone lost out—the exchange, traders, and even the exploiter. The trader deposited $7.17 million into their accounts but was only able to withdraw $6.26 million, leaving a balance of around $900,000 still on their Hyperliquid accounts. If they are able to retrieve the remaining funds, the exploit will cost them around $4,000; if not, it could result in a loss of nearly $1 million. This incident underscores the high-stakes nature of DeFi trading and the potential for significant financial losses, even for those attempting to exploit the system.