Back in the early days of Wall Street—before the SEC, before investor protections, before the rules—there was a name for the people who played the system like a fiddle: bucket shop hustlers.
These guys would pump worthless stocks, dump them on unsuspecting buyers, and vanish with the loot.
Today, we call that behavior a scam.
But in DeFi’s early days?
We called it… Tuesday.
This is the story of one of those Tuesdays. A quiet little token, a seemingly obscure market, and a $6 million hit that shook one of the most promising perpetual DEXs to its core. This is the story of the Jelly Incident.
The Setup: JellyJelly and the Shallow Pool
JellyJelly was a token with a market cap of about $20 million—small, thinly traded, and perfect for manipulation. The attacker opened a massive $6 million short position through Hyperliquid’s perpetual DEX.
That short represented roughly 30% of the token’s total market cap.
That’s the kind of trade that would light up every alarm in a TradFi risk desk. But on-chain? It went through without resistance.
The attacker then began pushing the price down through carefully timed trades in the spot markets.
The idea wasn’t to make money on the spot sales—it was to manipulate the oracle price that Hyperliquid’s AMM relied on. Because the pool had shallow liquidity, even small trades had an outsized impact.
The manipulated oracle price began to cascade through the system.
The Domino Effect: Collateral Damage in the AMM
As the price of JellyJelly plummeted, the short position became wildly profitable. But unlike in a traditional derivatives market where margin calls and market halts would kick in, the protocol kept executing.
The vault—the HLP (Hyperliquidity Provider)—absorbed the toxic gains of the short.
There were no open interest caps, no slippage guards, no circuit breakers to contain the damage. Everything HLP had in its vault was suddenly at risk.
And then… came the twist.
The Centralized Plug Pull
In an attempt to stop the bleeding, the Hyperliquid team did something unexpected for a “decentralized” platform:
They force-closed the entire Jelly market.
No DAO vote. No on-chain governance process. Just… an admin call.
Now let’s be clear: from a damage control perspective, it worked. The hemorrhaging stopped. But from a trust and decentralization standpoint?
It was a wake-up call.
If a DEX has a kill switch that one party can pull at will, it’s not truly decentralized. And if trust in code gets replaced by trust in the dev team, then we’re just rebuilding Web2 with better marketing.
The Lesson? DeFi’s Not Broken—It’s Just Not Battle-Hardened Yet
This isn’t a takedown of DeFi. It’s not even a dig on Hyperliquid.
It’s a love letter to DeFi’s potential—and a battle cry to build it better.
DeFi is one of the most exciting technologies since the invention of the internet. It opens doors for anyone, anywhere, to participate in the global economy. But with that openness comes a reality:
There are attackers out there who will look for—and exploit—every weakness in the system.
So the goal isn’t to add more centralization or manual overrides. It’s to design systems that are so robust, so elegantly hardened, that exploits don’t work.
We’re talking:
- Liquidity-adjusted open interest caps
- Oracle manipulation resistance
- Decentralized circuit breakers (maybe)
- Dynamic leverage limits
- Modular AMM logic with fail-safes baked in
To name a few. This is the direction next-gen DeFi is already heading.
And we’re gonna get into it. Looking forward, by looking backward.
Coming Up: DeFi’s Greatest Hits (of Getting Rekt)
The Jelly exploit isn’t the first. Probably won’t be the last either.
In a future article, we’ll dive into:
- The DAO hack that led to Ethereum’s first hard fork.
- The Mango Markets exploit, where a trader borrowed hundreds of millions against a self-inflated asset.
- The bZx protocol hacks, a brutal series of flash loan manipulations that exposed the soft underbelly of automated finance.
Each story offers brutal lessons and inspiring responses.
Because while the road to decentralized financial freedom will always be under attack, it’s also being paved by builders who believe in the mission—and who are making sure we don’t get rekt the same way twice.