Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
According to Arkham’s monitoring, an attacker allegedly carried out a deliberate exploit against HLP (Hyperliquidity Provider) on Hyperliquid. The attacker used 19 wallets and $3 million in principal to open a leveraged long position worth $20–30 million on POPCAT with 5× leverage, while placing large buy walls to support the price. Subsequently, the attacker suddenly removed the buy walls, causing a flash crash in POPCAT’s price and triggering the liquidation of their $3 million collateral to zero. Due to the lack of liquidity, HLP was forced to absorb the position, ultimately resulting in a bad debt loss of $4.9 million. Analyst @mlmabc noted that losing $3 million within seconds was not a mistake or negligence, but rather a deliberate attack targeting both HLP and Hyperliquid. Attack method (per SlowMist): Price Manipulation. Reported loss: $ 4,950,000.
- chain
- —
- protocol
- Hyperliquid
- bug_class
- oracle
- date_occurred
- 2025-11-13
- loss_usd
- $4,950,000
- source_id
- sm:hyperliquid::2025-11-13