Meet the Top 101 in Crypto
News
4 min read

Hyperliquid Hit by Third Market Manipulation Attack in 2025 — $5M in Bad Debt After POPCAT Crash

Published 13 November 2025
Prashant Jha
Authors
Edited by Insha Zia

Key Takeaways

  • Hyperliquid’s liquidity vault was hit by a self-inflicted manipulation attack, leaving $4.9 million in bad debt.
  • The attacker intentionally sacrificed $3 million worth of POPCAT to push losses onto HLP liquidity providers.
  • This marks Hyperliquid’s third similar attack in 2025, following incidents in March and July.

Hyperliquid, one of the fastest-growing decentralized perpetuals exchanges, is dealing with another round of market manipulation after an attacker used the Solana-based memecoin POPCAT to push losses onto its liquidity vault.

The incident, which generated roughly $4.5–$4.9 million in bad debt for the platform’s HLP vault, follows two similar events earlier this year and highlights ongoing risks in thin-liquidity perp markets.

Earn Crypto with These Top Mining Apps
Sponsored
Disclosure
Opened in 2009
Promotions
Earn a commission on your referral’s transactions.
Coins
Bitcoin Bitcoin Cash Ravencoin Zcash Ethereum Classic +6
Opened in 2019
Promotions
Sign up, verify, deposit 100 USDT, get 100 USDT bonus
Coins
Bitcoin Bitcoin Cash Litecoin Ethereum Classic Zcash +2
Show More

A Self-Sabotage Designed To Hurt the HLP Vault

The attack began early Nov. 12, when the exploiter withdrew roughly $3 million in USDC from OKX and scattered it across 19 wallets.

From there, the plan was straightforward:

  1. Open $26 million in highly leveraged POPCAT longs on Hyperliquid.
  2. Place a massive buy wall ($20 million) at $0.21 to fake demand.
  3. Cancel the buy wall, sending the price into a freefall.
  4. Liquidations cascade, and HLP is forced to absorb the bad debt.

When the buy wall disappeared, POPCAT plunged roughly 30% within seconds.

All of the attacker’s positions were liquidated. They burned $3 million of their own capital, but incurred nearly $5 million in losses for HLP.

Hyperliquid allows up to 50x leverage on certain markets. The attacker used roughly 5x on POPCAT, but the token’s thin liquidity delivered the rest of the damage.

Importantly, this was not a protocol exploit. Hyperliquid’s blockchain, matching engine, and smart contracts weren’t compromised.

The event was a pure market manipulation attack, relying on spoofing, leverage, and timing.

Not the First Time — Hyperliquid Faces Repeat Pattern

This is now the third major manipulation event targeting Hyperliquid in 2025:

  • March: Attack centered on JELLYJELLY
  • July: Attack involving TST
  • November: POPCAT-triggered cascade

Together, the incidents highlight a structural vulnerability across fast-growing decentralized perps exchanges:

High-leverage, illiquid tokens, and community-funded liquidation pools together create a predictable target for market manipulation.

Why Hyperliquid Keeps Getting Targeted

Hyperliquid has become the breakout success of decentralized perpetuals this cycle, regularly posting over $10 billion in daily trading volume and commanding outsized market share.

But success also paints a target.

Hyperliquid’s rapid ascent has forced centralized exchanges to respond, either by building competing DEX perps products or backing emerging platforms.

Aster, backed by Binance, is widely viewed as Hyperliquid’s closest rival, with more than $7 billion in daily volume.

That rivalry has fueled online speculation. Some users, without evidence, suggested the attack was orchestrated to damage Hyperliquid’s dominance.

Others argued that market manipulation is simply the cost of doing business in the current DEX perps environment.

Hyperliquid Pauses Withdrawals, Market Panics

In the immediate hours after the attack, Hyperliquid temporarily halted deposits and withdrawals.

Some questioned how “decentralized” the system could be if withdrawals could be paused.

Others pointed to the repeated pattern of thin-liquidity memecoin markets causing outsized damage.

And a vocal minority claimed the attack showed that “crime season” had returned to DEX perps.

Hyperliquid has not reported any compromise of smart contracts, custodial systems, or validator infrastructure.

Instead, the exchange framed the event as a price manipulation incident, not a hack — aligning it with previous attacks earlier this year.

Prashant Jha

Prashant Jha is a seasoned crypto journalist based in Delhi, India, with a Bachelor’s Degree in Computer Science Engineering. Passionate about the evolving world of blockchain and cryptocurrencies, he has been a dedicated voice in the industry since 2018. Prashant’s expertise lies in regulatory reporting, where he unravels complex legal and financial developments with clarity and precision. Before joining CCN in 2024, he honed his craft at Cointelegraph, establishing himself as a trusted name in crypto journalism.

His coverage spans major industry events, including the high-profile collapses of FTX, Three Arrows Capital (3AC), and LUNA, offering readers insightful analyses of their regulatory and market implications. Prashant’s technical background enables him to bridge the gap between intricate blockchain technology and its real-world applications, making his work accessible to novices and experts.

Beyond his professional pursuits, Prashant is an avid music enthusiast, often exploring diverse genres to unwind. A sports lover, he has a particular passion for cricket and frequently engages in discussions about the game. His multifaceted interests and sharp journalistic instincts make him a valuable contributor to CCN, where he continues shaping the crypto landscape's narrative.

Related

Survey Icon
Help us improve
1 of 4
Is this your first time here?
What brought you here today?
What are you most interested in?
Would you be interested in:
Thank you icon
Thank you for your feedback!
DMCA.com Protection Status