DeFi Should Be More Paranoid About Risk Management
This spring's bear market caught many off guard.
But looking on the bright side, it gives us the chance to talk about topics that usually get drowned out in a bull market—like risk control, which actually matters.
For centuries, people have been trying to figure out how not to lose all their money (or even the entire economy!) while playing this game called finance. That's what "risk control" is all about.
The discourse around this has become more real and pressing than ever after a series of exploits hit Hyperliquid, one of the most respected players in DeFi. The recent onchain manipulation (one long attack involving blue-chip ETH, and another short play on a small-cap memecoin called JELLY) has forced the industry to take a hard look at fundamentals, stripping away the hype.
Here’s a quick summary in case you’ve been too busy to follow all the details.
In March 2025, Hyperliquid experienced two significant market manipulation events.
First, on March 12th, a trader leveraged a massive long position on Ethereum (around $307M at 50x leverage). By strategically withdrawing collateral as the price rose, they brought their position close to liquidation. A subsequent price dip triggered a force-liquidation that the platform's liquidity pool (HLP) couldn't fully absorb without slippage, resulting in a $4 million loss for the HLP and a $1.86 million profit for the trader. Key remedies implemented by Hyperliquid included lowering leverage limits for BTC and ETH, increasing maintenance margin requirements, and restricting collateral withdrawals to at least 20% of open positions.
Weeks later, a second manipulation exploited the low liquidity of the memecoin JELLY on decentralized exchanges, together with its listing on Hyperliquid, to move its price. By combining a short position on Hyperliquid with aggressive spot buys, the trader caused a significant price surge, leading to a near-$13 million unrealized loss for Hyperliquid's liquidity pool (HLP), which had inherited the short position. In response, Hyperliquid's validators controversially voted to delist JELLY perpetuals and forcibly settle all positions at a significantly lower price, effectively reversing the potential loss into a profit but raising concerns about the platform's decentralization and the risks associated with its shared liquidity model.
Both incidents, sitting at opposite ends of the spectrum (one long, one short; one blue-chip, one “shitcoin”), together highlighted the risks associated with high leverage and large positions on Hyperliquid.
Beyond the direct risks of high leverage and large positions, these incidents also exposed systemic flaws that erode trust: vulnerabilities related to liquidity management during liquidations, strategic margin manipulation, the dangers of listing illiquid assets, governance decisions in decentralized environments, the risks inherent in shared liquidity models, the potential for cross-platform manipulation, and the critical need for proper risk management and transparent communication.
Better adherence to risk control protocols could have prevented this.
Position caps and locked margins could have limited exposure and avoided forced liquidations. Onchain privacy might have shielded positions. Clear delisting protocols would have enabled orderly exits rather than panic. These aren’t burdens—they’re blueprints for resilience, supported by internal checks and balances to ensure compliance.
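An added example, not from the original article or from Hyperliquid's code: a pre-withdrawal check that contrasts a rule locking only the 50x initial margin with one locking 20% of open notional, applied to a constructed long of about $307M. The maintenance ratio, size, prices, function names and the reading of the 20% rule as "equity must stay at or above 20% of notional" are assumptions.

```python
from dataclasses import dataclass, replace

MAINT_RATIO = 0.01  # assumed maintenance margin ratio, not any venue's real parameter


@dataclass
class LongPosition:
    size: float         # units of the asset (long only, to keep the example small)
    entry_price: float  # USD
    collateral: float   # USD posted as margin

    def equity(self, mark: float) -> float:
        # Collateral plus unrealized PnL at the mark price.
        return self.collateral + self.size * (mark - self.entry_price)

    def liquidation_price(self, maint: float = MAINT_RATIO) -> float:
        # Price p at which equity(p) == maint * size * p.
        return (self.size * self.entry_price - self.collateral) / (self.size * (1 - maint))


def max_withdrawable(pos: LongPosition, mark: float, locked_ratio: float) -> float:
    """USD that may leave while equity stays >= locked_ratio * notional."""
    return max(0.0, pos.equity(mark) - locked_ratio * pos.size * mark)


def withdraw(pos: LongPosition, mark: float, amount: float, locked_ratio: float) -> bool:
    """Apply the withdrawal only if the locked-margin rule still holds afterwards."""
    if amount <= 0 or amount > max_withdrawable(pos, mark, locked_ratio):
        return False
    pos.collateral -= amount
    return True


def demo() -> dict:
    # Constructed sample: a ~$307M long at 50x (the article's figures); the size,
    # entry price and mark price are invented to reach that notional.
    mark = 1_950.0
    weak = LongPosition(size=160_000, entry_price=1_918.75, collateral=6_140_000)
    strict = replace(weak)  # identical account under the stricter rule
    amount = max_withdrawable(weak, mark, locked_ratio=0.02)  # 50x initial margin only
    return {
        "liq_before": weak.liquidation_price(),
        "withdrawn": amount,
        "weak_ok": withdraw(weak, mark, amount, locked_ratio=0.02),
        "strict_ok": withdraw(strict, mark, amount, locked_ratio=0.20),  # 20% locked
        "liq_after_weak": weak.liquidation_price(),
        "liq_after_strict": strict.liquidation_price(),
    }
```

With these constructed numbers, the weak rule lets the withdrawal lift the liquidation price above the entry price, while the 20% rule rejects the same request and leaves the liquidation price unchanged.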
There are lessons to draw from the past. The history of risk control in traditional finance is long and still evolving, reflecting changes in the financial landscape, technological advancements, and our understanding of risk itself. The crypto and DeFi space, while embryonic compared to TradFi, is demonstrably following a similar evolutionary path:
1. Increasing complexity of financial markets and products:
- TradFi: TradFi has evolved from simple loans and equity to highly complex derivatives, structured products, and sophisticated trading strategies.
- DeFi: DeFi has rapidly moved beyond basic token swaps and lending to encompass yield farming, liquidity provision, options, futures, and intricate multi-layered protocols. The composability ("money legos") of DeFi allows for the creation of increasingly complex financial instruments and strategies.
2. Technological advancements enabling better data analysis and modeling:
- TradFi: TradFi has benefited immensely from computational power and data analytics, leading to sophisticated risk models, algorithmic trading, and real-time risk monitoring systems.
- DeFi: The inherent transparency of blockchains provides vast amounts of on-chain data. We are seeing the emergence of tools and platforms leveraging this data for risk assessment, smart contract auditing, anomaly detection, and predictive analytics using AI and machine learning.
3. Significant financial crises highlighting the failures of inadequate risk management:
- TradFi: History is replete with financial crises that exposed weaknesses in risk management practices and spurred regulatory reforms.
- DeFi: The DeFi space has already experienced several significant events that underscore the risks involved, such as the collapse of Terra/Luna, the failures of Celsius and FTX, and numerous smart contract exploits and hacks. These crises have highlighted vulnerabilities in protocol design, collateral management, and overall risk controls.
4. Evolving regulatory landscapes demanding more robust risk controls:
- TradFi: Regulatory bodies worldwide (e.g., Basel Committee) significantly strengthened regulations, focusing on capital adequacy, liquidity, and risk governance, particularly after the 2007-2008 financial crisis.
- DeFi: While the regulatory landscape is still developing and often fragmented, there is a clear trend towards demanding more robust risk controls, especially concerning anti-money laundering (AML), know-your-customer (KYC), consumer protection, and financial stability. Initiatives like the EU's MiCA regulation exemplify this evolving landscape.
5. A growing understanding of the interconnectedness of different types of risks:
- TradFi: Modern risk management in TradFi emphasizes an integrated approach (ERM) that recognizes how market risk, credit risk, operational risk, and liquidity risk can be interconnected and amplify each other.
- DeFi: The interconnectedness of risks is becoming increasingly apparent in DeFi. For instance, a smart contract vulnerability (technical risk) can lead to a liquidity crisis (market risk) and reputational damage (operational risk), potentially triggering regulatory scrutiny (regulatory risk). The reliance on stablecoins and bridging technologies also creates interconnectedness between different protocols and blockchains, amplifying contagion risks.
For DeFi to survive and thrive, we must do better. The industry can’t afford to keep lurching from exploit to exploit, bleeding user trust. A reliable DEX requires a healthy dose of paranoia—pushing boundaries not just in decentralization, but in embedding risk management at its core.
The history of financial risk control is a story of learning from mistakes, getting smarter with numbers, and trying to build a more stable and less scary "money game" for everyone. It's a constant effort to avoid the next big "uh oh" moment.
At GRVT, we’re building a regulated, institutional-grade platform on our private, permissioned chain—with a much bigger vision and broader offerings on the horizon. These exploits serve as a stark reminder and reinforce our conviction that we’re creating what this industry urgently needs. Self-custody is essential, but it’s the controls around it that make DeFi truly safe. GRVT is paranoid, risk-obsessed, and compliant by culture.