Jupiter’s risk vault unlikely to face Hyperliquid-style attack

The exchange has structural defenses and protocols to limit manipulations

article-image

Jupiter and GizemG/Shutterstock and Adobe modified by Blockworks

share

This is a segment from the Lightspeed newsletter. To read full editions, subscribe.


Following Hyperliquid’s $13 million brush with disaster, some in Solana’s orbit are wondering: Could Jupiter’s JLP vault — a similar product to Hyperliquid’s vulnerable vault — face a similar exploit?

Nope.

That’s my short but genuinely confident answer. Let’s unpack why.

To recap briefly: Last week, some unknown trader thought they’d get cute by manipulating the price of thinly-traded Jelly-my-Jelly (JELLY) memecoin on decentralized perp exchange Hyperliquid. The presumed goal was to mobilize a massive short squeeze, allowing them to profit from leveraged long positions while forcing the protocol to absorb the loss from their short. 

The attacker’s leveraged long positions quickly created over $13 million in unrealized losses to Hyperliquid’s HLP risk vault and an emergency shutdown that forcibly closed all JELLY positions at a price favorable to Hyperliquid’s balance sheet.

Now, we can argue whether it was a bailout, anathema to a decentralized ethos, or just pragmatic damage control another time. The point is, it worked.

By forcibly settling all JELLY positions at the exploiter’s short entry of $0.0095, the protocol basically reversed the attack. Which is to say that Hyperliquid actually, hilariously, ended up posting a profit of around $700,000 while the attacker walked away with less than they deposited. The Hyperliquid team promptly assured users they would be made whole through the Hyper Foundation, and everyone lived happily ever after.

Hooray.

But if perps DEXs can be attacked, that raises questions about Jupiter, Solana’s biggest DEX aggregator and perps exchange. Like Hyperliquid, Jupiter’s platform is powered by a vault that acts as the counterparty to all trades. This would be the very creatively named (/s) Jupiter Liquidity Provider pool, or JLP. The JLP collects trading fees and earns big when traders lose but takes a hit when they win.

HLP. JLP. It sounds pretty same-same. So with that in mind, could this vault be squeezed in a similar way? In theory, yes. Anything’s possible. I’m not going to call the Titanic unsinkable. But Jupiter’s architecture makes it an improbable outcome in practice.

First, consider its asset list. No offense to JELLY, but the token had very little liquidity, making price manipulation easier. Hyperliquid listed it because it prioritized volume, novelty, and a wide-open asset strategy to attract degens. 

Jupiter doesn’t do that. Its perpetuals are limited to major assets like SOL, ETH, and wrapped BTC. That decision alone eliminates the kind of thin-market vulnerability that made JELLY so exploitable. A Jupiter representative said the platform’s maximum order size is much smaller than Hyperliquid’s as well.

Second, price execution. Hyperliquid relies on its internal orderbook to match traders directly against each other. Users submit their own limit orders, giving them more flexible, dynamic pricing. However, that also leads to a plethora of exploitable scenarios. A motivated attacker can influence the price displayed on the platform, setting up artificial moves that trigger cascading liquidations and/or dislocations. No bueno, compadres.

Jupiter’s perp markets operate in a totally different way, choosing instead to execute at oracle prices from external sources like Pyth. Even if a trader tried to pump the spot price of SOL on another exchange, they’d still be trading against the median on-chain price, not a manipulated in-platform quote.

Frankly, it’s just harder to game the house when the pricing comes from outside the casino.

Third, Jupiter handles risk with guardrails, not emergency exits. JLP is always the counterparty. If a trade gets liquidated, the levers for that would pull automatically at the set Oracle price. As far as we know, there’s no handoff to a second vault, no delay that a bad actor can game, and no pause for a team call or validator vote. Losses go straight to the pool.

Again, one could argue this makes the system blunt or unforgiving, but it’s something LPs accept as part and parcel (and the reasons why should now be pretty clear).

That’s not to say that JLP is immune to risk, because it’s not. It regularly takes losses in the case of a one-sided market where most traders win, for instance. But Jupiter bakes in defenses for that, too. Traders pay borrow fees to open leveraged positions, which go straight to the pool. If everyone piles into longs, funding rates rise to balance the associated risks. 

Could some unforeseen scenario force Jupiter to intervene someday in a way that its users find questionable? Yes. Every protocol has an edge case. But in this specific scenario, Jupiter seems to have designed JLP to absorb such hazards. While Hyperliquid had to delist a token to save its vault, Jupiter has taken the opposite approach: limit risk at the door.

So, with that in mind — rest easy, Lightspeeders. 

Jupiter isn’t playing the same game Hyperliquid nearly lost.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (1).jpg

Research

Jupiter has emerged as the undisputed liquidity backbone of Solana, commanding over 90% of spot DEX aggregation and 80% of perp trading volume. But behind the numbers lies a far more ambitious play: a cross-chain, vertically integrated super-app spanning swaps, synthetics, NFTs, memecoins, and launchpads. This report explores Jupiter’s rapid rise, the monetization upgrades reshaping its revenue profile, and the risks that could unwind its dominance, from token dilution to competition. With annualized revenues nearing $300M, the upside is undeniable, if it can navigate the turbulence.

article-image

Financial advisers in a January survey said equity ETFs were their top choice for gaining crypto exposure in 2025

article-image

“Why put a target out there that’s really speculative, not knowing exactly where this environment is going to go?” CarMax CEO Bill Nash said

article-image

While the head of Base may support legal sex work, Coinbase policies prohibit said workers from using its exchange.

article-image

EVM bottlenecks fundamentally hold back Ethereum’s scalability

article-image

In 2011, WikiLeaks faced a financial blockade imposed by the US government. It was Bitcoin’s first major test.

article-image

Kado’s founder Emery Andrew spoke to Blockworks about the acquisition and what’s next for the team