Decentralized finance (DeFi) protocol Platypus Finance has fallen victim to a security breach resulting in the loss of over $2 million.
In a recent blog post on X (formerly Twitter), security firm PeckShield noted that the Avalanche-based project has been exploited.
Following the alert, Platypus Finance confirmed that there had been suspicious activities in the protocol, prompting the project to take “the proactive measure of temporarily suspending all pools.”
“Further updates will be communicated to the community in a timely manner.”
The attack appears to have been executed through a flash loan attack, specifically targeting the AVAX-sAVAX liquidity pool.
However, Platypus Finance has yet to release an official comment on the specific attack vector employed.
Flash loans are a feature in decentralized finance that enables users to borrow assets without providing collateral, as long as the loan is repaid within the same transaction block.
Unfortunately, attackers have found ways to exploit this mechanism, manipulating market prices or exploiting vulnerabilities within DeFi protocols.
By borrowing substantial sums, attackers can artificially create market conditions, taking advantage of the resulting discrepancies for profit before repaying the loan, all within a single transaction block.
This is not the first time Platypus Finance has experienced a security breach.
In a similar incident in February 2023, the project suffered a flash loan attack targeting its newly launched stablecoin called USP, resulting in a loss of $8.5 million.
Experts Say There’s Long Way Ahead Before Crypto is Safe
While crypto security is without a doubt a critical concern, the industry is still in its early stages when it comes to protecting digital assets.
“With numerous hacks and exploits occurring, it’s evident that there’s a lot of work to be done to make the field safer,” Sipan Vardanyan, CEO and Co-Founder at crypto security firm Hexens, with Cryptonews.
So far this year, Web3 platforms have in hacks and rug pulls, according to a report from Web3 bug bounty platform Immunefi.
The report revealed a total of 211 separate incidents contributing to this massive sum, with the month of August alone accounting for $23.4 million in losses.
As , Concordium founder Lars Seier Christensen believes identity verification is essential in preventing cryptocurrency scams.
“To prevent scams, there has to be some level of identity verification, a means to verify that the parties involved in any given transactions are actually who they claim to be,” he said.