Flash loan >$10M targeting protocol tokens

Hyperliquid's assessment for RD-F-100 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Hyperliquid's primary risk surface (HyperCore) is a native L1 binary with no EVM contracts exposing lending markets, oracle contracts, or a governor contract that can be interacted with via EVM flash loans. Bridge2 has no oracle and no lending market. The JELLY attack used CEX market manipulation, not EVM flash loans. Structural non-applicability: flash loans cannot reach the HyperCore clearing engine or oracle module via Arbitrum. No flash-loan interaction with Bridge2 documented.

Sources #

URL
https://www.halborn.com/blog/post/explained-the-hyperliquid-hack-march-2025retrieved 2026-04-28

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol hyperliquid factor RD-F-100 score gray collected_at 2026-04-28 13:58:49