Is Hyperliquid’s original sin “centralization”? The Wall Problem of On-Chain DEX


Last night, the crypto community was buzzing about "HYPER needs to be revalued." The reason: Hyperliquid, a derivatives trading platform on a high-performance chain, once again reported an attack on its HLP liquidity vault. Market operators manipulated millions of dollars, shorting with one hand and trading spot with the other, and made a hefty profit.

This incident once again pushed DeFi towards a fundamental and sharp question: when the infrastructure of a "decentralized" exchange is actually highly controlled by a single team, where exactly is the line between "decentralization" and "centralization"? Is the best security mechanism actually human? Hyperliquid may be a microcosm of the challenges many on-chain DEXs face when they challenge the dominance of CEXs.

Review: Meticulously Designed Market Manipulation

The market operation on Hyper last night did not involve traditional smart contract vulnerabilities. The attacker appears to have precisely targeted Hyperliquid's HLP vault mechanism. Similar to GMX's GLP, this vault lets users deposit a portfolio of assets (such as stablecoins, ETH, BTC, etc.) in exchange for HLP tokens. The vault then serves as the counterparty to platform traders and shares in trading fees and profits and losses.

The key issue lies in how the HLP price is calculated. The attacker manipulated the "mark price" of certain assets with relatively low liquidity by performing extreme operations on the Hyperliquid platform (such as injecting large amounts of funds to pump or dump prices in a short time). Since the net value of HLP depends on the mark price of the assets it holds, this price distortion suddenly and significantly inflated the HLP valuation.

Subsequently, the attacker used the HLP, whose value was "artificially inflated," as collateral to borrow assets worth far more than its actual value on the Hyperliquid platform. Ultimately, these assets were transferred out, leaving behind HLP with an inflated value and actual asset losses, which were borne by the other liquidity providers in the HLP vault. The JellyJelly incident caused losses estimated around $4 million, and if not officially compensated, these losses would nominally fall on the depositing users.
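The valuation dependency described above can be made concrete with a simplified model. This is an added example, not Hyperliquid's code: the asset names, holdings, external quotes, the 10% deviation band and the loan-to-value ratio are all constructed assumptions. It compares vault NAV and borrowing capacity computed from the venue's raw mark price against the same figures when the mark is clamped to a band around a median of independent quotes.

```python
from statistics import median

# Constructed sample data: a vault holding one liquid and one thin asset.
HOLDINGS = {"ETH": 100.0, "THIN": 1_000_000.0}        # units held
EXTERNAL_QUOTES = {                                   # constructed outside prices
    "ETH": [2000.0, 2001.0, 1999.0],
    "THIN": [0.010, 0.011, 0.010],
}
NORMAL_MARKS = {"ETH": 2000.0, "THIN": 0.010}         # venue marks, quiet market
DISTORTED_MARKS = {"ETH": 2000.0, "THIN": 0.050}      # thin asset's mark pushed 5x
MAX_DEVIATION = 0.10   # assumption: mark may stray at most 10% from reference


def reference_price(asset):
    """Median of independent quotes; one distorted venue cannot move it."""
    return median(EXTERNAL_QUOTES[asset])


def guarded_mark(asset, venue_mark):
    """Clamp the venue's own mark to a band around the reference price."""
    ref = reference_price(asset)
    low, high = ref * (1 - MAX_DEVIATION), ref * (1 + MAX_DEVIATION)
    return min(max(venue_mark, low), high)


def vault_nav(marks, guard=False):
    """NAV = sum(units * price), using raw or guarded marks."""
    return sum(
        units * (guarded_mark(a, marks[a]) if guard else marks[a])
        for a, units in HOLDINGS.items()
    )


def borrow_capacity(marks, share, ltv=0.5, guard=False):
    """Value a depositor's vault share as collateral at a given LTV."""
    return vault_nav(marks, guard) * share * ltv


def flag_anomalies(marks):
    """Assets whose venue mark sits outside the band; input for alerting."""
    return sorted(
        a for a, m in marks.items()
        if abs(m - reference_price(a)) / reference_price(a) > MAX_DEVIATION
    )


if __name__ == "__main__":
    print(vault_nav(DISTORTED_MARKS), vault_nav(DISTORTED_MARKS, guard=True))
    print(flag_anomalies(DISTORTED_MARKS))
```

With the raw mark, the thin asset alone adds 40,000 to a 210,000 vault; with the guard the same distortion moves NAV by 1,000 and the asset is flagged for review.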

The Appearance of "Decentralization" and the Core of "Centralization"

Hyperliquid is a high-performance DEX built on its own Layer 1 blockchain "Hyperliquid L1", aimed at solving the slow speed and high costs of DEXs on the Ethereum mainnet. Theoretically, this is a technical path pursuing higher efficiency and user experience, which could also address some regulatory issues faced by CEXs. However, market manipulators who have already played around on CEXs would never miss this new playground.

To achieve its claimed high throughput and low latency, the network validators of Hyperliquid L1 are currently run only by the official core team. This means that although transaction settlement occurs on the blockchain, transaction sequencing, verification, and even the entire chain's state changes are actually in the hands of a single entity, which seems quite "centralized".

This "centralized decentralization" model brings several concerns:

If the Hyperliquid team's servers or infrastructure have issues, the entire trading platform could stall. The same control could also let the team selectively process transactions, or even roll back or intervene in extreme cases (although there is currently no evidence they would do so).

The fatal part is the trust issue. When the storm arrives, users must trust that the Hyperliquid team will not act maliciously or abuse its control of the dedicated chain and protocol. Essentially, this is no different from trusting the operators of a CEX. Even CZ often says that transparency brings trust; that applies all the more to Hyper, which has only just stepped onto the DEX stage, needs more time to find its footing, and is measuring itself against Binance. The larger its market volume, the more criticism it is likely to attract.

Although the direct cause of this JELLY market manipulation incident was a weakness in the oracle (or mark price calculation mechanism), the community cannot help but point to the centralized validator structure behind it, which raises another question: if the network is truly controlled by a single team, why can't they detect anomalies faster, intervene to stop them, or even intervene in users' favor when necessary?

This centralized control puts HYPER in an awkward position when facing a crisis: it cannot fully absolve itself of responsibility (because it has the control to directly pull the plug and delist JELLY), yet it may be unable to cut losses in time due to not being "decentralized" enough (just look at the response and PR of some hacked CEXs).

DEX Hits the Wall, Why Is It Difficult to Shake CEX?

Hyperliquid's dilemma is not an isolated case; it reflects the challenges currently faced by DEXs in competing with CEXs:

User Experience (UX) and Ease of Use: CEXs offer integrated services, from fiat on/off-ramps, spot trading, derivatives to financial products, usually with user-friendly interfaces and lower entry barriers. DEXs require users to manage wallets, private keys, understand gas fees, cross-chain bridging, and other concepts, which are not user-friendly for newcomers.

Liquidity and Trading Depth: Top CEXs gather massive numbers of global users and market makers, giving them excellent liquidity and trading depth with lower slippage. DEX liquidity is relatively scattered across different protocols and chains, especially for non-mainstream coins, which often have insufficient depth and high slippage for large trades, a weakness that was severely exploited in the JELLY case this time.

Performance and Cost: Although Layer 2 and dedicated application chains (such as Hyperliquid L1) attempt to solve performance issues, there is still a gap compared to the efficiency of centralized matching engines in CEX. At the same time, on-chain interactions inevitably generate gas fees (which also exist on L2).

Security Risks: The main risks of a CEX are platform security (hacker attacks, internal misconduct) and custody risks. A DEX faces multiple native on-chain risks beyond potential front-end phishing, including smart contract vulnerabilities, price oracle manipulation, flash loan attacks, and economic model design flaws, which are hard to defend against. As exposed in this Hyperliquid incident, even if the contract itself has no vulnerabilities, attacks around its AMM mechanism can cause massive losses.

Hyperliquid and the "application chain DEX" model it represents attempt to find a balance between performance and decentralization, or perhaps they merely connect a traditional CEX server room to the chain in a superficial way, much as PoS mechanisms were initially mocked as "server room chains". An incident like the JELLY event undoubtedly exposes the model's potential "original sin": centralization can stop the crisis, humans can quickly pull the plug, and when the program is not good enough and plans fail, humans are still the ones who cut losses and press the nuclear self-destruct button.

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.