Skip to content
PerpFinderPerpFinder
Intermediate9 minutes

Is Hyperliquid Safe in 2026? Audits, HLP & Incidents

Is Hyperliquid safe? A 2026 review of its audits, validator model, the March 2025 JELLY squeeze, HLP vault mechanics, and who should trade smaller.

Updated

Hyperliquid is safe enough to clear more perp volume than any other DEX, and young enough that two incidents in March 2025 forced structural changes to its risk engine. Both facts matter. The chain has never suffered a smart-contract exploit, its core contracts were audited by Zellic and Quantstamp, and every order, funding payment, and liquidation settles on a public ledger anyone can query. It is also a purpose-built L1 with a small validator set and a market-making vault (HLP) that doubles as the liquidation backstop. This review walks through the architecture, the full incident history, and the honest answer to who should size down.

Key takeaways

  • No smart-contract hack since mainnet launch in early 2023. Core contracts audited by Zellic and Quantstamp, with public reports.
  • The March 2025 JELLY squeeze put the HLP vault $13.5 million underwater before validators force-settled the market. HLP ended up about $703,000 in profit, but the episode exposed real gaps.
  • Hyperliquid responded with tighter open-interest caps, patched auto-deleveraging logic, and fully on-chain validator votes for delistings.
  • Trading costs are competitive but not zero: 0.015% maker and 0.045% taker at base tier.
  • Self-custody removes exchange-bankruptcy risk. Validator concentration and the deposit bridge remain the weak points to price in.

24h perp volume — all tracked venues (2026-07-07)

$203.42B

CEX $185.65B · DEX $17.77B

PerpFinder live dataset · verified 2026-07-07

The architecture: a chain built around one exchange

Hyperliquid does not run on Ethereum, Arbitrum, or Solana. It is its own L1, purpose-built so that a full order book can live on-chain: order placement, matching, funding, and liquidations all execute as chain state with sub-second finality. That design gives it CEX-grade speed with DeFi-grade transparency. You can verify every fill and every liquidation from public data, which is impossible on a centralized venue.

The trade-off is where trust concentrates. Hyperliquid does not inherit security from a larger ecosystem. Its safety rests on its own validator set and node software, and that validator set is still small compared with mature chains. Deposits also flow through a bridge contract from Arbitrum, so the bridge itself is part of the attack surface. Neither has failed to date. Both are reasons the risk profile differs from a ten-year-old venue.

Incident history: what has actually gone wrong

The useful question is not whether incidents happened. They did. The question is what broke, who paid, and what changed.

March 12, 2025: the ETH whale unwind

A trader ran an ETH long of roughly $300 million at high leverage, withdrew margin while the position showed a profit, and let the position cross its own liquidation price on purpose. Exiting through the liquidation engine avoided the slippage a market order of that size would have paid. HLP, which backstops liquidations, absorbed a loss of about $4 million. No code was exploited; the margin rules priced large exits badly. Hyperliquid tightened margin requirements for leveraged withdrawals and cut headline leverage on the biggest pairs in direct response (BTC to 40x and ETH to 25x at the time; caps have since been retuned per asset).

March 26, 2025: the JELLY squeeze

Two weeks later came the sharper test. One actor opened three fresh accounts: two holding long positions in JELLY, an illiquid memecoin perp, and one holding a deliberately over-leveraged short of roughly $4 million notional. The short was designed to fail. When it was liquidated, the backstop logic handed the position to HLP. The attacker then bought JELLY aggressively on thin external spot markets, driving the oracle price up and pushing HLP's unrealized loss to about $13.5 million, with the vault facing worse if the pump continued.

Validators voted, within minutes, to delist the JELLY market and force-settle every position at $0.0095, the attacker's entry price, rather than the manipulated oracle price near $0.50. The settlement flipped HLP's position to a profit of about $703,000 and stranded the attacker's longs. HYPE still fell around 20% that day, and the criticism wrote itself: a supposedly decentralized exchange overrode its own oracle by committee. In an extreme event, your PnL on Hyperliquid can be decided by governance rather than the open market. That cuts both ways. It saved depositors here, and it is a form of intervention risk you should know exists.

What changed afterward

The team shipped three concrete fixes. Open-interest caps now account for an asset's real market cap and liquidity, so an oversized position on a thin token like JELLY should be rejected at entry. The auto-deleveraging trigger was reworked to assess the liquidator's account on its own rather than the pooled balance, closing the bypass the attacker used, and the liquidator strategy is now capped to a small share of HLP. Delistings moved to fully on-chain validator voting instead of off-chain coordination. None of this makes manipulation impossible. It does mean the specific 2025 playbooks no longer work as written.

HLP vault vs. a classic insurance fund

Most CEXes keep a passive insurance fund: a pot of money, topped up by liquidation fees, that only pays out when a position closes worse than its bankruptcy price. Hyperliquid runs a different model. HLP (Hyperliquidity Provider) is an active market-making vault, open to public deposits, that quotes markets, earns fees, and also inherits underwater liquidations as the backstop of last resort.

The practical differences: HLP stands in the line of fire first, its full positions and PnL are visible on-chain in real time, and depositors share both the trading returns and the tail risk. A CEX insurance fund discloses balances on the exchange's own schedule and its size is a policy choice. HLP has remained profitable across its history, including through both March 2025 events. The model is not automatically worse than an insurance fund, but you should understand that the backstop is a live trading book, not idle cash.

Audits and transparency

The canonical record: Hyperliquid's L1 and core contracts were audited by Zellic and Quantstamp, and both reports are public. The chain has operated since early 2023 without an exploit of that code. Just as important, the exchange state is fully inspectable. Volume, open interest, funding, and liquidations on our Hyperliquid dashboard come straight from chain data, not from self-reported figures.

The honest caveat is that audits cover code. Both 2025 incidents were economic attacks on market structure, a category no audit certifies against. Judge the protocol on how it handled them: user funds were not lost in either event, and the fixes shipped fast.

What it costs to trade there

Fees are part of any safety math, since hidden costs push traders toward riskier sizing. Hyperliquid charges 0.015% maker and 0.045% taker at base tier, with no gas on the L1. Volume tiers lower those rates, and signing up through a referral code takes 4% off. That puts it near the cheap end for order book DEXes, though venues like Lighter run zero-fee models. Model your own numbers with the fee calculator.

Who should size down

Treat Hyperliquid as production-grade for active perp trading and still size for its age. Run smaller if any of these apply: you hold large positions for weeks (validator and bridge risk compound with time), you trade thin long-tail markets (JELLY-style manipulation lives there, even with tighter caps), or you need a regulated counterparty with legal recourse (Hyperliquid geoblocks US users and offers none; see our US legality guide). A common-sense split: keep trading margin on the venue and store long-term capital in cold storage or on-chain elsewhere.

Has Hyperliquid ever been hacked?+

No. Since mainnet launch in early 2023 there has been no smart-contract exploit of the L1 or core contracts. The notable incidents, the March 2025 ETH whale unwind and the JELLY squeeze, were market-structure attacks. User funds were not lost in either, and both led to risk-engine changes.

What exactly happened with JELLY?+

An attacker used an over-leveraged short on an illiquid memecoin to force Hyperliquid's HLP vault to inherit the position, then pumped the spot price to put the vault $13.5 million underwater. Validators voted to delist the market and settle all positions at the attacker's entry price, which left HLP up about $703,000 and defeated the attack, at the cost of overriding the oracle.

Is money on Hyperliquid safer than on a centralized exchange?+

The risks are different. Self-custody means no FTX-style bankruptcy can take your funds, and everything settles on a public chain. In exchange you accept smart-contract risk, a young validator set, and the Arbitrum deposit bridge. On a CEX you accept custody and solvency risk instead.

Is Hyperliquid audited?+

Yes. Zellic and Quantstamp audited the L1 and core contracts, and both reports are public. Audits do not cover economic attacks, which is why the 2025 incident history and the fixes that followed are the more useful safety signal.

Contains affiliate links — we may earn a commission. Doesn't affect rankings.

Hyperliquid logo

Hyperliquid

4% off trading fees with code AWD

Claim Deal
PF

PerpFinder Research

Editorial Team

Editorial team tracking 30+ perpetual futures venues with live on-chain and exchange data.

Live data from DefiLlama, Coinalyze, exchange APIsNo paid inclusion or paid rankingsUpdated daily — fees, volume, OI tracked continuouslyOpen methodology — see /how-we-test
Last reviewed: July 3, 2026Follow on X |Our Methodology

Affiliate Disclosure: This page contains affiliate links. We may earn a commission when you sign up through our links, at no extra cost to you. This does not influence our ratings or recommendations.

Risk Warning: Trading perpetual futures involves substantial risk of loss and is not suitable for all investors. Past performance does not guarantee future results. Only trade with funds you can afford to lose.