The crypto market resembles a dark forest where malicious actors lurk at the boundaries of regulation, exploiting gaps in oversight for their own gain. A robust risk control system becomes essential, which acts as the primary shield protecting market integrity and system stability.
In August of this year, on Hyperliquid's pre-launch market, a whale exploited insufficient liquidity by deploying $15 million to aggressively accumulate long positions in XPL, clearing out the entire order book within a short period. In just five minutes, the price of XPL surged from $0.60 to $1.80, a 200% increase. This sudden price spike caught retail traders holding short positions off guard, with a large number of positions liquidated instantly. The total losses incurred by traders are estimated to have reached tens of millions of dollars, while the whale addresses behind the operation collectively profited over $46 million.
The attackers succeeded by exploiting market vulnerabilities, platform rule failures, and risk control blind spots.
1) Liquidity Deficit: Limited market depth dramatically amplified capital leverage effects. The whale's position size exceeded available liquidity by orders of magnitude, establishing dominant price control.
2) Oracle Isolation: More critically, Hyperliquid's oracle relied solely on its own internal prices, ignoring external market data. At the time, XPL was trading at around $0.55 on the pre-market of major exchanges such as MEXC, Binance, and Bybit, while the price on Hyperliquid diverged sharply, creating an isolated price island.
3) Risk Control Vacuum: The platform had neither position ratio limits nor mechanisms to halt trading during abnormal volatility, giving attackers the opportunity to strike.
In contrast, many mature trading platforms have established multi-layered protection systems to address such risks. These platforms typically prohibit the use of capital or liquidity advantages for price manipulation, while also setting position ratio caps to ensure that holdings by a single address or affiliated addresses do not become overly concentrated. More importantly, their risk control systems monitor abnormal trading patterns in real time and intervene immediately upon detecting suspicious behavior, preventing traders from being forcibly liquidated at irrational prices. The core purpose of this mechanism is to proactively close rule loopholes, interrupt the vicious cycle of manipulation, and create a relatively fair trading environment for all participants.
If the previous case was a precision strike against retail traders, the JELLY incident demonstrates a systematic attack on the platform's protocol level.
In March of this year, an attacker used $3.5 million in capital to orchestrate an arbitrage operation targeting loopholes in Hyperliquid. The attack unfolded as follows:
1) Opened a 50x leveraged short position of 430 million JELLY tokens using 3.5 million USDC (notional value of $4.08 million). After opening the position, affiliated addresses coordinated to dump heavily on the spot market, causing JELLY's price to briefly drop and generating a small profit on the short position. The attacker then closed 30 million JELLY shorts (profiting approximately $310,000) and withdrew $2.76 million in margin.
2) The remaining 398 million JELLY short position was liquidated. According to Hyperliquid's rules at the time, large positions that no one would take had to be absorbed by the HLP Vault. As a result, the HLP Vault was forced to take over this position at approximately $0.0113.
3) Immediately after the HLP Vault took over, the whale reversed course and aggressively pumped JELLY on the spot market. Within just one hour, the JELLY price surged 515%.
4) At the same time, a mysterious new wallet opened a 3x leveraged long position at the same price, with unrealized profits reaching $8 million.
5) Meanwhile, the HLP Vault's short position resulted in paper losses exceeding $12 million at one point. If the JELLY price had broken through $0.17, the HLP Vault would have triggered liquidation, with potential losses as high as $240 million.
Ultimately, Hyperliquid was forced to halt trading and settle all short positions at $0.0095. Although the platform narrowly avoided financial disaster and even made a small profit of $700,000, its reputation suffered significant damage. The community even compared it to FTX 2.0, and the native token HYPE dropped 20% at one point.
This textbook-level attack exposed the platform's deficiencies in protocol-level risk control and counterparty risk identification. A mature risk control system should have multiple layers of protection: when a low-liquidity token suddenly sees highly leveraged large positions that are severely mismatched with its market cap, the system should immediately trigger an alert and initiate manual review; when highly suspicious coordinated operations such as opening shorts before dumping or new and old addresses working together to pump prices are detected, the platform should intervene and investigate rather than allowing automatic execution. More importantly, liquidation funds cannot serve as an unlimited backstop. Platforms need to set maximum risk exposure limits for liquidation funds and implement clear liquidation and stop-loss mechanisms to control maximum losses.
If we view an exchange as a multi-layered defense system, account security sits at the layer closest to users, and is often the layer attackers are most eager to breach. The reason is simple: market mechanisms are constrained by programmatic rules, and asset systems are protected by multi-signature wallets and cold wallets. However, user accounts, particularly the processes of login, verification, device management, and withdrawal authorization, often depend on whether the exchange's risk control policies are strict enough and whether intervention is timely.
The 2021 Coinbase account breach stands as the definitive cautionary tale illustrating this vulnerability at scale.
In that incident, hackers did not breach Coinbase's servers, nor did they penetrate the security boundaries of any on-chain wallets. The key to the entire event was that attackers obtained users' email addresses, passwords, and phone numbers through social engineering (tricking victims into voluntarily handing over information or performing certain actions by gaining their trust), then exploited design flaws in Coinbase's SMS/Email 2FA (two-factor authentication) mechanism at the time to bypass verification steps that should have served as the last line of defense. A large number of accounts were taken over and emptied within minutes, and users did not detect anything abnormal immediately because the attack path was entirely legitimate, with hackers using what appeared to be normal 2FA procedures.
Coinbase later acknowledged that after obtaining users' basic information, attackers were able to regain control of users' email accounts and hijack SMS verification codes during the account recovery process, allowing them to successfully log in to the exchange and withdraw assets. Although Coinbase ultimately chose to compensate users for their losses, this incident exposed a deeper industry problem: many exchanges rely too heavily on vulnerable measures like verification codes for account security, without establishing comprehensive behavioral recognition and dynamic risk control systems.
In fact, the core vulnerability in the Coinbase incident was the lack of defense in the entire account risk control system:
First, the absence of a cross-dimensional behavioral recognition system. A combination of first-time login from a new location, large withdrawal, and operation from a new device should trigger a top-level alert for any mature risk control system. However, the system at that time allowed attackers to complete withdrawals in a very short time without triggering any freeze operations.
Second, the withdrawal process lacked multi-layer confirmation mechanisms. For large or abnormally frequent withdrawals, exchanges should trigger:
A truly mature risk control system goes beyond verification mechanisms and should include device fingerprint recognition, IP behavior analysis, withdrawal risk level models, social engineering protection alerts, and withdrawal lock mechanisms.
As the above market cases demonstrate, with the continuous evolution of trading ecosystems, product mechanisms, and technical infrastructure, the risks faced by platforms and ordinary users are also escalating. As a result, systematic risk control mechanisms are no longer optional, but a non-negotiable baseline requirement for safeguarding market order and asset security.
The absence of risk control oversight and risk mitigation means allowing malicious price manipulation, exploitation of mechanism loopholes, and abnormal trading behavior, all of which pose significant threats to platforms and users. At the account security level, without comprehensive monitoring, verification, and interception by risk control systems, attackers may be able to infiltrate accounts and control funds through key points such as user email, phone, and API keys.
Whether it is weakness in market access mechanisms, neglect of trading anomalies, or gaps in the account security chain, all of these can ultimately converge into the same outcome: market imbalance, user asset losses, and even the collapse of platform credibility. These point to one fact: risk control is the foundational structure of exchange security. Its role is not just single-point defense, but rather the anchor that stabilizes the entire trading ecosystem.
