An unknown actor targeted the decentralized exchange Hyperliquid, resulting in a $4.9 million loss for a liquidity provider (HLP), according to analytics from Lookonchain.
Sources indicate the attacker initially withdrew $3 million in USDC from OKX, distributing the funds across 19 separate addresses. These wallets were then used to open long positions totaling $26.28 million on Hyperliquid.
The attacker proceeded to place large buy orders for POPCAT tokens worth around $20 million at approximately $0.21, creating the illusion of high market demand. When the orders were subsequently canceled, liquidity plunged, triggering mass liquidations of the open positions.
As a result, the HLP, which automatically absorbs such orders, recorded a $4.9 million loss, while the attacker ultimately lost the initial $3 million stake.
Market Insight:
Analyst HeyVixon, commenting on Lookonchain’s post, highlighted unusual order book activity in POPCAT. Despite a generally weak market, long positions exceeding $11 million were maintained, while short positions accumulated around $0.21, repeatedly bouncing off this price level—creating lucrative conditions for opportunistic traders.
Previously, Hyperliquid founder Jeff Yan noted that some centralized exchanges deliberately underreport liquidation statistics by hundreds of times, raising concerns about transparency in the broader market.
