Post-exploit response score

Hyperliquid's assessment for RD-F-081 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

JELLY incident curator score 3.75/5: Compensation partial (Foundation covered HLP loss, attacker extracted ~$2.76M not recovered — 3/5); Transparency adequate (public wiki post-mortem with named root cause, but no commit diffs or code-level detail — 3/5); Root-cause depth good (attack vector understood, structural fix via margin tiers launched May 2025 — 4/5); Operational recovery strong (delist+settlement within ~2 hours — 5/5). Composite 3.75/5 = yellow (green threshold ~4.0 with full compensation and code-diff-linked post-mortem).

Sources #

URL
https://www.coindesk.com/markets/2025/03/26/hyperliquid-delists-jellyjelly-after-vault-squeezed-in-usd13m-tussleretrieved 2026-04-28
URL
https://hyperliquid-co.gitbook.io/wiki/introduction/roadmap/incident/2025-26-03retrieved 2026-04-28
URL
https://www.halborn.com/blog/post/explained-the-hyperliquid-hack-march-2025retrieved 2026-04-28

Methodology #

Curator-score (1–5) the most recent incident response on: compensation completeness, transparency of disclosure, root-cause analysis depth, and operational recovery speed.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-081 score yellow collected_at 2026-04-28 13:58:49