Timeline: Jelly token goes sour after $6M exploit on Hyperliquid

Timeline: Jelly token goes sour after $6M exploit on Hyperliquid

The meltdown of the JELLY token on Hyperliquid is the latest DeFi exploit in a year already riddled with hacks. Suspicious trading activity led decentralized exchange Hyperliquid to delist the Jelly-my-Jelly (JELLY) memecoin, with details of an exploit unraveling over the course of a few days.

The decentralized finance sector has already seen historic exploits in 2025, as the space struggles with issues of oversight and security. The Bybit hack saw North Korean hackers get away with $1.4 billion in February alone. The JELLY incident, in which a whale exploited the Hyperliquid exchange’s liquidation parameters, getting away with millions, is just the latest exploit to rock the industry.

Jelly token price crashes ahead of Hyperliquid exploit

Venmo co-founder Iqram Magdon-Ismail launched the JELLY token as part of the JellyJelly Web3 social media project. Following the launch on Jan. 30, the token price crashed from $0.21 to just $0.01 some 10 days later.

While the coin’s market cap initially boasted almost a quarter of a billion dollars, by March 26 it had a market cap of roughly $25 million.

The short squeeze on the JellyJelly token

The short squeeze on the JellyJelly token took place over the course of just a few hours on March 26. According to a postmortem by Arkham Intelligence, this is how it went down:

  • The exploiter deposited $7 million on three separate Hyperliquid accounts, making leveraged trades on the illiquid Jelly token.
  • Two accounts took $2.15 million and $1.9 million long positions on JELLY, while the other took a $4.1 million short position to cancel the others out.
  • As the price of JELLYJELLY increased, the short position was liquidated, but it was too large to be liquidated normally.
  • The short position was passed to the Hyperliquidity Provider Vault (HLP).
  • The exploiter meanwhile had a seven-figure PnL from which to withdraw.

By this point, the price of JELLY had pumped 400%. The exploiter began to pull withdrawals but Hyperliquid soon restricted their accounts. Instead of attempting further withdrawals, they began to sell their JELLY position. As the trader began to sell their remaining Jelly position, Hyperliquid shut down the market for the token.

According to Arkham, the exchange closed the market with Jelly at $0.0095, the price at which the third account had entered its short trades. Hyperliquid announced on X that it would delist perpetual futures trading for the JELLY token, citing “evidence of suspicious market activity.”

Related: Long and short positions in crypto.

P reactions to the exploit

Traders reacted with disappointment and frustration to the exploit. Steven Goldfeder, co-founder of Arbitrum, expressed skepticism about the move to base layer and native rollups, but his comments were not directly related to the Hyperliquid exploit.

Other traders seemed at peace with the risk of DeFi, stating that they would eat the losses and continue onward. The true irony of the exploit is that it seems everyone lost out — the exchange, traders, and even the exploiter. In total, the trader deposited $7.17 million into their accounts but was only able to withdraw $6.26 million, with a balance of around $900,000 still remaining on their Hyperliquid accounts.

If they are able to get the funds back, the exploit will cost them around $4,000; if not, it could have cost them almost $1 million.