JellyJelly Exposes Hyperliquid: An Illegal CEX Cloaked in Decentralized Marketing
How a single token manipulation unraveled the illusion of DeFi and revealed the centralized machinery behind crypto’s hottest exchange
Today’s article is a long one. We think it’s right to devote an exceedingly long wall of text to explore why everyone is so consumed with the Hyperliquid JELLY incident. It’s an extremely complex issue and requires a lot of unpacking.
Many of you might have strong feelings one way or the other about Hyperliquid. They’ve created generational wealth for a lot of people, which tends to create cult-like behaviors.
We’re trying to look past that in this article and look at the technical, governance, and legal aspects to yesterday’s events. Enjoy.
Yesterday an “attacker” deposited $7.1m onto Hyperliquid using 3 separate accounts within 5 minutes of each other.
They then proceeded to open a $4m and a $4m long position on JELLYJELLY which had a market cap of $20m at the time.
The trader then pumped the price of JELLY by 400%, in the process liquidating their shorts.
When the trader’s short was liquidated, the open position was passed to the Hyperliquidity Provider Vault (HLP) which took over responsibility for liquidating the positions.
As their longs went deeper into positive PnL, they removed margin and took it off Hyperliquid.
Calling the JELLY position massive was an understatement. Hyperliquid let open interest on JELLY top 40%, which is unheard of for a low market cap token.
The token was originally listed when it had a market cap of $270m, eventually crashing 98% after that to $3m market cap. At that point, the malicious trader scooped up a massive chunk of JELLY to engage in this highly profitable trading strategy.
Hyperliquid let HLP carry the position for some hours, leading to a $15m negative PnL at one point.
HLP was chum for the sharks at other exchanges who slowly started to circle.
Hyperliquid had no easy way to undo the mess of a trade they were in, and the higher the JELLY price went, the further into the red HLP’s PnL would trend.
The situation came to a head when Binance Co-Founder & Chief Customer Service Officer Ye Hi responded to a Chinese user calling for the listing of JELLY immediately to punish Hyperliquid for their risk management mishap.
Ye Hi responded “好的,收到。(Ok, got it)” in Chinese.
In the following minutes, both OKX and Binance announced that Futures markets would be listed for JELLY, giving traders a way to giga-long JELLY.
The threat now shifted from a sizable 8 figure loss to the complete destruction and bankrupting of HLP. A small market cap token like JELLY could easily be pumped another 10x in a few minutes to multi-hundred million dollar market caps with futures.
Hyperliquid’s existential destruction was on the cards.
In the moments before listing, Hyperliquid triggered the nuclear option.
They closed the entire JELLYJELLY market and settled all trades at 0.0095, the price at which the third account had entered its short trades. The “attacker” was zero’d out. Instead of profiting millions, they were down nearly 7 figures, with their seed funds locked inside of Hyperliquid’s custody.
Later it was revealed that 8 of the 16 Hyperliquid validators found quorum on the market changes within 2 minutes.
The damage was done though. HLP investors pulled their deposits at a blistering rate, with the vault losing over $100m TVL in under 24 hours.
The JELLYJELLY liquidation attack on Hyperliquid’s HLP vault is just the latest in a string of attacks this month.
Between the $300M ETH long that left HLP with $4M in bad debt and now this JELLY fiasco, Hyperliquid’s vault is starting to look less like a liquidity provider and more like a piñata for DeFi’s biggest whales.
How many more hits can they take before the whole thing comes crashing down?
HLP was a key part of Hyperliquid’s growth in the first two years. However, now as the exchange is scaling, malicious actors are finding new sophisticated ways to take advantage of Hyperliquid’s poor risk management.
This wasn’t just a one-off exploit or some fluke. It was a stress test… a very public, very expensive reminder that when the stakes get high, and the sharks (we see you CZ) start circling, even the most innovative systems can buckle under pressure.
But here’s the twist.
Despite everything—despite the liquidation fiasco, despite the $100 million in TVL gone overnight, despite the mounting questions about risk controls, Hyperliquid is still standing.
And for a lot of you, that fact alone is either delightful or infuriating.
Most of you already have an opinion about Hyperliquid before even starting this article. Hyperliquid has been able to build a cult-like following, second only to the XRP army, in just under a year.
I’m not here to change your mind.
Hyperliquid as a product has dominated this past year.
It’s incredible.
Every release is world class. The UX is killer. Spot markets were a smart addition. The interconnected EVM is exactly what you should build to achieve full potential. They’ve raised zero VC capital.
Hyperliquid is competing with the big boys now, drawing the ire of Binance and OKX. They are closing in on 5% of total perp volume in an extremely crowded and competitive market.
Onchain perps are the future.
Starting at the beginning of 2024, onchain perpetual dexes started to take an ever-growing slice of volume market share away from their big brother CEX counterparts. Hyperliquid quickly took over the mantle of having the best UX post-FTX, which is a wild thing to say about any onchain product.
Historically, onchain UX has sucked. DeFi was never able to compete with the CEXs, which, being centralized, could implement optimal server architecture, risk controls, and co-location. Not anymore.
Hyperliquid’s product is world class, yet the pressures they face are legal and regulatory.
If I were Hyperliquid, I would pray that the Trump administration, and specifically the CFTC, refuses to bring any enforcement action against them and that the next administration holds similar regulatory views.
If Hyperliquid has a clear 4-5 year period to build and grow, they could potentially surpass Binance and OKX.
But…
If I got to time travel to 2030 and they weren’t operating anymore I wouldn’t be shocked.
Because everything that Hyperliquid is doing is illegal.
Unlike Uniswap, Aave, and other major DeFi protocols, Hyperliquid has no path to compliance without massive changes to their entire tech stack to essentially become a CEX or radically downshift their performance.
And after today’s disruption, the claims that could be raised against the platform concerning control and centralization are all valid.
The issues being raised across CT are extremely complex and challenging.
To fully understand what it means when people complain that Hyperliquid isn’t decentralized, a full analysis of their technical and governance stack is needed. Then we can figure out how current laws and regulations from the CFTC and OFAC apply.
“No such thing as a halfway crook” - Hyperliquid’s Technical Architecture and Decentralization
The Network
Hyperliquid operates on its own application-specific blockchain to achieve ultra-low latency (claimed ~0.2s block times) and is optimized for orderbook trading performance and not a general-purpose network.
Unlike typical Ethereum L2 protocols, Hyperliquid’s chain runs on top of Arbitrum as an anchored environment but uses a custom data availability layer (not posting all data to Ethereum).
In practice, this means Hyperliquid’s exchange logic (order matching, trades, settlements) executes on its proprietary chain, with only deposits/withdrawals bridging to Arbitrum.
All trading activity is on-chain within Hyperliquid’s network, allowing full transparency of orders and trades in the chain’s ledger.
The upside is high throughput (tens of thousands of orders per second) and control over gas costs and MEV handling. The downside is reliance on Hyperliquid’s own security model rather than Ethereum’s.
Validators
Hyperliquid’s network is secured by a very small, permissioned validator set rather than an open, permissionless set of miners or stakers. Initially, it launched with just 8 validators (in two groups of 4 called “hot” and “cold” validators) chosen by the team.
As of early 2025, this was expanded to 16 validators selected by the Hyperliquid Foundation.
These validators run the HyperBFT consensus – effectively taking turns as block proposers (sequencers) to order transactions. Decentralization is limited: all validators were handpicked (the team denies “selling” validator slots; they claim selection was based on testnet performance).
There is no permissionless entry for new validators yet – the foundation controls who runs nodes.
Moreover, the token stake is highly concentrated in the team/foundation. In fact, Hyperliquid’s team controlled ~81% of the staked HYPE tokens at launch, giving them over the 2/3 supermajority needed to control or halt the chain. This means the network’s integrity (block production, censorship-resistance, finality) essentially rests on a small group of insiders.
Additionally, the validators play a critical role in the bridge/withdrawal process: a supermajority of validators must sign off to finalize withdrawals from Hyperliquid back to Arbitrum.
If these validators collude or malfunction, user funds could be frozen or even illicitly withdrawn. In short, the current validator design makes Hyperliquid more akin to a federated sidechain with trusted operators than a trustless public blockchain.
The Orderbook
Hyperliquid uses a central limit order book (CLOB) for its spot and perpetual markets, distinguishing it from AMM-based DEXs.
Crucially, Hyperliquid’s order book is fully on-chain on its own L1.
Every order, trade, cancellation, and state update is processed in-blockchain (thanks to the chain’s high throughput design). This is in contrast to hybrids that keep order books off-chain.
Hyperliquid’s design provides on-chain transparency of all orders and matches. The custom chain’s speed makes this feasible: with ~0.2-0.9s latency and claims of up to 100k+ orders per second throughput, the chain can handle high-frequency order placements and cancellations.
The sequencer (block proposer) orders incoming transactions and matches trades according to the protocol rules.
However, given the small validator set, censorship or reordering risk exists – a validator controlling block production could, in theory, insert or withhold transactions (a classic MEV concern).
Hyperliquid acknowledges the importance of managing MEV and can adjust parameters at the chain level to mitigate frontrunning.
Still, since block production is not broadly decentralized, users must trust the appointed validators not to unfairly sequence trades.
On the positive side, having the order book on-chain means no single party externally controls matching – it’s governed by the chain’s consensus, and all trade outcomes are recorded transparently in the blockchain state.
Settlement and Data Availability
All trades on Hyperliquid settle on its native chain, which achieves fast finality via BFT consensus. Once a block is committed by >2/3 of validators, trades in that block are final (no miner re-orgs as in PoW).
Cross-chain settlement (moving assets in/out) is handled by a bridge to Arbitrum. Users deposit assets (e.g. USDC) from Arbitrum into Hyperliquid’s custody (lock on Arbitrum, mint on Hyperliquid), then trade on Hyperliquid, and withdraw by requesting funds back to Arbitrum. This bridging relies on the validators: a quorum of them sign the withdrawal transaction that releases funds on Arbitrum after a challenge period.
Because Hyperliquid uses a “custom data availability” approach, transaction data is not posted to a neutral layer like Ethereum; the chain’s own nodes hold the data. This creates a trust assumption: if Hyperliquid’s nodes went offline or refused to cooperate, users could lose access to funds, since there’s no public record on L1 to use for recovery.
Essentially, Hyperliquid operates more like a sidechain: you trust its consensus for correctness and liveness.
In terms of censorship-resistance, anyone can submit trades to the network, but the small validator set could theoretically censor certain addresses or transactions.
There is no alternative prover or fallback mechanism if the validators misbehave, aside from social coordination. Thus, while Hyperliquid achieves impressive performance and on-chain execution, it sacrifices some trustlessness and censorship resistance compared to rollups that inherit security from Ethereum.
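An added example, not code from Hyperliquid or from this article: the stake-weighted ">2/3" check that the Validators and Settlement sections describe for committing blocks and signing bridge withdrawals, run over a constructed 16-validator stake table. The validator names and stake numbers are assumptions, chosen only to match the ~81% insider share quoted above.

```python
from fractions import Fraction

QUORUM = Fraction(2, 3)  # BFT threshold: strictly more than 2/3 of total stake


def constructed_stakes():
    """Constructed stake table, NOT real Hyperliquid data.

    16 hypothetical validators; the four "insider-*" entries together hold
    81% of the stake, mirroring the ~81% figure quoted in the article.
    """
    stakes = {f"insider-{i}": 2025 for i in range(1, 5)}          # 8100
    stakes.update({f"external-{i}": 160 for i in range(1, 11)})   # 1600
    stakes.update({f"external-{i}": 150 for i in range(11, 13)})  # 300
    return stakes


def has_quorum(stakes, signers):
    """True if the signers' combined stake is strictly more than 2/3 of total."""
    signers = set(signers)  # a validator signing twice counts once
    unknown = signers - set(stakes)
    if unknown:
        raise ValueError(f"not in validator set: {sorted(unknown)}")
    total = sum(stakes.values())
    if total == 0:
        return False
    return Fraction(sum(stakes[v] for v in signers), total) > QUORUM


def min_signers_for_quorum(stakes):
    """Smallest signer set that reaches quorum (take the largest stakes first)."""
    chosen = []
    for name in sorted(stakes, key=lambda v: (-stakes[v], v)):
        chosen.append(name)
        if has_quorum(stakes, chosen):
            return chosen
    return []  # empty validator set


def can_block(stakes, withholders):
    """True if the remaining validators cannot reach quorum on their own,
    i.e. the withholders can stall block commits and bridge withdrawals."""
    withholders = set(withholders)
    rest = [v for v in stakes if v not in withholders]
    return not has_quorum(stakes, rest)


if __name__ == "__main__":
    stakes = constructed_stakes()
    insiders = [v for v in stakes if v.startswith("insider-")]
    externals = [v for v in stakes if v.startswith("external-")]

    print("insiders alone reach quorum:", has_quorum(stakes, insiders))
    print("all 12 externals reach quorum:", has_quorum(stakes, externals))
    print("externals can block insiders:", can_block(stakes, externals))
    print("two insiders can halt the chain:", can_block(stakes, insiders[:2]))
    print("minimum signer set:", min_signers_for_quorum(stakes))

    # Contrast: with equal stake, quorum needs 11 of 16 validators.
    equal = {f"v{i}": 1 for i in range(16)}
    print("equal-stake minimum:", len(min_signers_for_quorum(equal)))
```

With stake this concentrated, the number of validators says little about who controls finality: what matters is how few signers hold more than 2/3 of the stake, and whether anyone outside that group holds the 1/3 needed to block them.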
Governance and Control
Hyperliquid has a native token HYPE, introduced in late 2024, which is intended to govern the ecosystem.
In principle, HYPE token holders could participate in on-chain governance for protocol upgrades, validator set changes, parameter tuning, etc. In practice, however, governance is nascent and largely controlled by the team/foundation at this stage.
The codebase for the chain’s node software was initially closed-source (the team cited the rapid development and competitive edge as reasons). This lack of transparency drew criticism from the community and even some of its own validators. Hyperliquid responded by promising to open-source the code once it’s “secure and stable,” and to improve decentralization over time.
The team has announced a “Foundation Delegation Program” where the foundation will delegate some of its large token holdings to external validators to broaden the validator base. This suggests intent to dilute the foundation’s 81% stake dominance and incentivize independent validators.
Governance mechanisms (like on-chain voting) are expected to kick in as the network matures, but given the token distribution, any vote today would be dominated by insiders.
There are also “lockers” with admin powers (e.g. to pause the bridge in emergencies), indicating some centralized emergency controls exist.
Overall, Hyperliquid’s governance is at an early stage – at present, key decisions (validator admission, upgrades, parameter tweaks) are effectively made by the core team or foundation, not the community.
Versus their competition
Hyperliquid sits in the middle between its CEX and fully onchain competitors. In terms of a decentralization spectrum:
Binance/OKX sit at the extreme centralized end – proprietary systems, no user control or on-chain execution. Full KYC required, AML and other compliance checks in place.
dYdX (v4), Synthetix and GMX are toward the decentralized end. dYdX achieves decentralization by a large validator set and community governance (though using a new chain), and GMX and Synthetix by building directly on semi-decentralized L2s with smart contracts (leveraging Ethereum’s security and a dispersed token governance). Both remove the need to trust a single company for trade execution or custody.
Hyperliquid is decentralized in name (infrastructure) but not fully in practice (control).
Their custom chain means there is no external dependency on a single server – multiple validators sign off on every block, and all traders’ actions are public on the ledger.
That’s a notable improvement over a pure CeFi model in terms of transparency and auditability. A situation like the FTX collapse is impossible on Hyperliquid. If an internal party mismanaged funds, it would be immediately apparent as all trades and balances are public.
However, since the validators are all permissioned by the team and the team holds the majority stake and can change parameters, Hyperliquid’s security and governance are effectively as centralized as a traditional exchange. If the Hyperliquid team decided to halt the chain or censor a user, they currently have the power to do so.
Worryingly, the question that must be raised is whether the Feds could force Hyperliquid to halt the chain or censor users based on court orders or threats of retaliation for legal and regulatory violations.
“I fought the law and the law won” - How Hyperliquid is illegal
Hyperliquid's recent liquidation disaster with JELLYJELLY starkly highlighted that all aspects of Hyperliquid are centralized, controlled by the team and a few team-approved validators.
We don’t know how the Trump administration will treat perpetual future exchanges yet. Americans can easily access Hyperliquid with a VPN, and the exchange requires no KYC.
Under U.S. laws, specifically those governed by the CFTC, FinCEN, and OFAC, Hyperliquid currently operates in clear violation on multiple fronts.
The SEC is a non-factor at this point. The agency has signaled that they are not going to pursue enforcement unless there is a blatant and willful act of gross misconduct under the law. So while HYPE could be considered a security, and by proxy Hyperliquid could be required to apply for a broker-dealer license, the securities agency will most likely turn a blind eye to any violations.
Commodity Futures Trading Commission (CFTC) Violations
The real threat is from the CFTC, a smaller agency that only dipped its toes into enforcement actions during Biden’s term.
Before Gary Gensler took over as Chair of the SEC, he was the head of the CFTC. During that time he made it his mission to shut down every non-compliant FX shop globally. It was a multi-year war against FX brokers that fought back at first, but eventually succumbed to the global pressures the US applied.
The CFTC is the wild card of this administration. We have no idea yet what Caroline Pham’s tenure will look like. Unless she willingly looks past violations, semi-centralized perp dexes might be in her sights.
Hyperliquid’s primary product is perpetual futures, which unequivocally brings it under the jurisdiction of the CFTC.
The letter of the Commodity Exchange Act (CEA) mandates that such derivatives products be traded on a CFTC-registered platform (Designated Contract Market or Swap Execution Facility).
Hyperliquid is designed to evade such registration and its offering of leveraged perpetual contracts to retail traders is a clear violation. There is no geoblocking of their front end and US persons can access the website with a simple VPN connection.
Ooki DAO
The Ooki DAO case provides strong precedent: the CFTC successfully prosecuted them for engaging in “illegally offering leveraged and margined retail commodity transactions in digital assets” to U.S. users, which by law must occur on a registered exchange. The Ooki DAO (the decentralized entity governing the protocol) was found liable for operating an illegal trading platform for commodity futures and was not exempt just because it was a “DAO.”
The federal court’s order in 2023 held the DAO had violated the CEA as charged, by offering leveraged retail commodity transactions outside a registered exchange and acting as an unregistered FCM, and it imposed penalties and a trading ban.
Hyperliquid provides a nearly identical service – retail traders can open leveraged positions (e.g. 50x leverage) on perpetual futures for crypto assets. Unless these contracts are traded on a CFTC-registered exchange (which Hyperliquid is not), they are unlawful off-exchange futures.
Binance enforcement
CZ went to jail for lesser crimes than what Hyperliquid permits.
In the enforcement against Binance, the CFTC emphasized that being a foreign-based or “quasi-decentralized” operation will not shield a platform from U.S. law if U.S. customers are serviced.
Again, US persons can access Hyperliquid with a simple VPN connection.
The CFTC’s complaint alleged Binance operated a digital asset derivatives trading platform offering futures and swaps on crypto commodities (Bitcoin, Ethereum, etc.) to U.S. persons without registering as a DCM or SEF.
Binance’s conduct was described as a “willful evasion” of the law, including instructing U.S. customers to use VPNs to bypass geo-blocks.
Significantly, for much of its operation, Binance did not require any KYC information from customers, despite the legal duty for intermediaries like FCMs to collect such info.
Hyperliquid’s approach is comparably lax: it has no KYC and relies on users self-certifying compliance at most, and so the CFTC could view Hyperliquid as “willfully avoiding U.S. law” just as it did Binance.
The CFTC Chairman in the Binance case warned that “there is no location, or claimed lack of location, that will prevent the CFTC from protecting American investors… The CFTC will not tolerate willful avoidance of U.S. law.”
While Trump has signaled a relaxing of standards for enforcement, crime is still not legal. If the CFTC wanted to, they could bring enforcement actions, especially now that it is known that the Hyperliquid team & validators have complete control over the exchange and could force KYC if they truly wanted to.
Anti-Money Laundering (AML) and FinCEN Violations
Hyperliquid openly promotes its "no KYC" model, directly contravening the Bank Secrecy Act (BSA) and FinCEN requirements. In the U.S., entities facilitating virtual asset transfers and exchanges are considered Money Services Businesses (MSBs) and must implement rigorous AML and KYC compliance programs.
No KYC = Non-Compliance with BSA: FinCEN’s regulations require MSBs to conduct customer due diligence (KYC) and keep records for certain transactions. Hyperliquid openly advertises that “no KYC is required” to use the platform. This means Hyperliquid is not collecting identities, verifying source of funds, or screening for illicit actors.
Hyperliquid’s absence of customer identification, transaction monitoring, and suspicious activity reporting exposes it to severe legal repercussions, similar to FinCEN’s actions against Helix mixer operator Larry Harmon, who faced multi-million dollar penalties for comparable compliance failures.
Sanctions Compliance and OFAC Risks
Zach’s correct. A few weeks back, North Korean traders deposited stolen funds from the Radiant hack onto Hyperliquid and conducted several trades. The Hyperliquid team did nothing at the time and made no effort to freeze the funds or stop the sanctioned addresses from trading on their platform.
However, when customer assets were at risk with the threat to HLP, they immediately took steps to shut down the malicious trading and undo the damage to their platform.
The longer Hyperliquid fails to implement checks on their front end for sanctioned entities, refuses KYC, and continues to maintain significant control over their entire platform, the higher the risk of OFAC sanctions grows.
In the worst case, OFAC could designate the platform as sanctioned for willful violations, effectively banning all U.S. interactions and crippling its business operations. The whole point of Hyperliquid is that it is attracting large market makers to trade. Being OFAC’d would force those entities to stop all trading activity on the platform or face fines and potential criminal charges.
The Decentralization Defense
Well… there is no defense after JELLYJELLY.
Hyperliquid is entirely centralized, and a small group of insiders can change whatever parameters, permissions and code they want at any time.
Hyperliquid’s problems are legal, not technical.
Furthermore, there is no path to legality under the current law. To become compliant, Hyperliquid would need to institute protocol-wide KYC checks, AML monitoring, and a host of other compliance checks that CEXs are forced to complete.
It’s questionable whether Hyperliquid could ever give up centralized control of their platform. They’ve stated many times that full decentralization is the end goal, but as they give up core powers, its speed, UX, and security would suffer.
Why full decentralization is problematic for Hyperliquid:
Speed and Latency Issues
Hyperliquid is fast and has low latency due to its small, tightly controlled validator set. Introducing more non-team controlled validators across multiple global locations would inherently increase latency and reduce performance. Every transaction would need to reach consensus among an increasingly dispersed network, significantly slowing transaction finality and potentially undermining Hyperliquid’s core competitive advantage, its blazing speed and responsiveness.
User Experience Risks with Decentralized Front Ends:
In the worst case where the Feds ban the front end due to violations, the alternative would likely rely on decentralized storage systems such as IPFS.
However, IPFS and similar solutions typically provide a far inferior user experience.
The speed, responsiveness, and reliability users currently enjoy would degrade significantly. The overall trading experience would become frustrating for retail UX, potentially driving users back to traditional CEXs.
Centralized Controls and Emergency Governance:
Jeff and the team control all of Hyperliquid, allowing them to rapidly respond to threats, such as unauthorized withdrawals or malicious trading attacks.
During the JELLYJELLY incident, Hyperliquid was able to swiftly find quorum among its 16 validators to avert a potential disaster. However, imagine a scenario where validator numbers swell to 100 or even 1,000: achieving quick consensus would become increasingly challenging, potentially taking hours.
Imagine if Binance and OKX had been able to launch their futures contracts while the validators worked to find quorum. The price could have skyrocketed during that period allowing the malicious trader to extract significant funds from the exchange.
Thus, Hyperliquid finds itself trapped in a paradox: there’s “no such thing as halfway crooks.” Decentralization undermines its strengths, yet centralization exposes it to insurmountable regulatory risk.
Building crypto products is hard. Dominating an extremely competitive space like perps is even harder.
Hyperliquid is doing what crypto does best, engaging in regulatory arbitrage to gain market share.
Eventually those opportunities will shut, and what then? If they can’t decentralize fast enough, the US banhammer will send them on an all-expenses-paid vacation to Bukele’s prison. However, decentralizing means losing control over an extremely complex and fragile project.
In 2025, we know that decentralized contracts are outside of the law. However, little about Hyperliquid is fully decentralized, and it won’t be for the foreseeable future.
We wish them the best.
P.S. What Binance and OKX did is perfectly fine and a good business decision. How many times do you get to crush your competition? There’s a dark underworld of CEX-based market battles that retail knows nothing about. We were just gifted this on full display as Hyperliquid is transparent.
Nice take - love the color in the report.
Banger! Great detail on why most don’t understand the CEX battle & how decentralization is importam