Platypus Finance Falls Victim to $2.23 Million Flash Loan Exploit
Platypus Finance, a decentralized finance (DeFi) protocol, has suffered from another flash loan exploit, resulting in the loss of $2.23 million across three separate attacks on October 12, 2023, according to CertiK, a blockchain security firm.
Attacks Unfold Methodically
Following the attack, the protocol suspended all its pools as a precautionary measure. The series of attacks unfolded systematically: the first attack on October 12 extracted $1.2 million from the platform. Shortly after, a second attack occurred, resulting in the theft of $575,000 worth of assets. Astonishingly, just a minute later, the third attack transpired, causing an additional loss of $450,000 in assets.
The Origin and Operation of Platypus Finance
Platypus Finance began as a single-side Automated Market Maker (AMM) designed for exchanging stable cryptocurrencies (ERC20 tokens) within the Avalanche blockchain ecosystem. Over time, it has sought to innovate in the stablecoin and stableswap domains by combining these functionalities using its underlying assets.
The protocol operates through smart contracts that prioritize attributes such as censorship resistance, security, self-custody, and capital efficiency. Its introduction of open liquidity pools for stableswap purposes represents a departure from traditional liquidity models, potentially addressing issues related to impermanent loss for liquidity providers and reducing trading slippage for users. In 2021, Three Arrows Capital led a funding round that secured $3.3 million for the platform.
Flash Loan Attacks and Vulnerabilities
Flash loan attacks exploit vulnerabilities that allow traders to borrow cryptocurrencies instantly without providing collateral. CertiK recently published a report on the state of crypto exploits.
Platypus Finance’s Ongoing Vulnerability
This recent flash loan attack on Platypus Finance marks the third incident in 2023, highlighting an ongoing vulnerability for the protocol. A previous attack in February resulted in a significant loss of $8.5 million and the depegging of the Platypus USD (USP) stablecoin. In July, the platform also suffered a loss of approximately $157,000 due to a flash loan exploit. To address the February attack, the DeFi protocol established a compensation portal in March to assist victims in assessing their eligible compensation and expressing concerns before funds were distributed.
Hot Take: Platypus Finance Needs to Strengthen Security Measures
The recent flash loan attacks on Platypus Finance have once again highlighted the vulnerabilities present within the protocol. With millions of dollars lost in multiple incidents, it is clear that stronger security measures need to be implemented to protect user assets. As flash loan exploits continue to evolve, it is crucial for DeFi protocols like Platypus Finance to stay one step ahead by regularly auditing their code, conducting vulnerability assessments, and implementing robust security protocols. By prioritizing security, platforms can provide users with peace of mind and ensure the long-term success and sustainability of decentralized finance.
By
By
By
By
By