Crypto Twitter’s buzzing after Hyperliquid lost $10.63 million to a wild exploit involving its JELLY token—and experts say this might be just the beginning.

According to Dr. Jan Philipp Fritsche from Oak Security, this wasn’t some accidental bug. It was a predictable failure in the protocol’s design. In other words, this mess could’ve been avoided.

Here’s How It Went Down

The attacker opened a $5 million short position on JELLY and then pulled their margin, leaving Hyperliquid exposed. Other traders jumped in, triggered a short squeeze, and the result? The protocol took the loss while the attacker walked away with millions.

“It’s unpriced vega risk,” Fritsche explained—basically, they underestimated how volatile the asset could get, and the payout system didn’t cap risk.

And yeah, this kind of vulnerability isn’t just a Hyperliquid thing. Fritsche says lots of DeFi protocols are still doing the same.

Community Reaction: FTX Vibes?

Bitget’s CEO Gracy Chen didn’t hold back. She slammed Hyperliquid’s risk setup as “unethical and immature,” even warning it could become another FTX-style collapse if things don’t change fast.

Hyperliquid says it’ll compensate users—but the reputational damage is already done.

DeFi’s Bigger Problem? This Is Just One of Many

This isn’t a one-off. In 2024, DeFi exploits caused over $308.7 million in losses—more than rug pulls, which hit $192.9 million.

And it’s not stopping. Just days after the JELLY drama, SIR.trading got drained for its entire $355K TVL.

Bottom line? DeFi needs to grow up fast—because the next exploit could be even bigger.