TL;DR
- A trader intentionally sacrificed $3 million to trigger cascading liquidations.
- The attacker created a fake $20 million buy wall for manipulation.
- Community called the event a costly act of sabotage or art.
A trader intentionally sacrificed $3 million to trigger cascading liquidations on Hyperliquid, resulting in a $4.9 million loss to the platform’s Hyperliquidity Provider (HLP) vault. The event, described by community members as both sabotage and “performance art,” has become one of the most severe single incidents faced by the protocol since its inception.
According to blockchain analytics firm Lookonchain, the sequence began when the attacker withdrew 3 million USDC from OKX and distributed it across 19 new wallets. The trader used the funds to open more than $26 million in leveraged long positions tied to HYPE, a perpetual contract denominated in POPCAT.
Someone just manipulated $POPCAT to attack #Hyperliquid, burning through $3M of their own funds — and causing $4.9M in losses for the Hyperliquidity Provider (HLP).
The attacker withdrew 3M $USDC from #OKX yesterday, split it across 19 wallets, and deposited it into #Hyperliquid… pic.twitter.com/lnwsRSspFv
— Lookonchain (@lookonchain) November 13, 2025
A coordinated market manipulation exposes vulnerabilities in decentralized trading
The manipulation intensified when the trader established a $20 million buy wall near the $0.21 mark, creating an illusion of strong market demand. Once the artificial wall collapsed, liquidity evaporated, forcing the liquidation of numerous leveraged positions. The resulting chain reaction wiped out the trader’s own holdings but drained Hyperliquid’s HLP vault by nearly $5 million.
Analysts on X described the event as an unusual display of destructive intent rather than financial gain. One participant called it a “$3 million art piece,” while another labeled it “the costliest research ever.” Others speculated that the trader may have hedged exposure elsewhere, though no supporting evidence has surfaced.
The attack exposed how automated liquidity providers can be pressured under extreme, artificial volatility. The manipulation demonstrated that decentralized derivatives platforms remain vulnerable when market support is engineered and withdrawn abruptly.
Following the event, Hyperliquid temporarily paused withdrawals using its “vote emergency lock” function as a precaution. After roughly an hour, withdrawals resumed. The platform has not officially confirmed whether the POPCAT-related attack was directly linked to the temporary freeze.
