Platypus Finance, a DeFi protocol operating on the Avalanche AVAX + network, fell victim to a security hack earlier today. An estimated loss of over $2 million was reported by security firm PeckShield.
The project has responded by temporarily halting all of its liquidity pools. “Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools. Further updates will be communicated to the community in a timely manner,” Platypus noted.
The incident appears to result from a flash loan attack, explicitly targeting the AVAX-sAVAX liquidity pool — although a formal comment on the attack vector has not yet been announced.
A flash loan is a feature in decentralized finance that allows users to borrow assets without collateral, provided they return the loan within the same transaction block. However, attackers have discovered methods to exploit this feature, manipulating market prices or taking advantage of vulnerabilities in DeFi protocols. By borrowing vast amounts, an attacker can create artificial market conditions, profiting from the induced discrepancies before repaying the loan, all within a single transaction block.
This isn’t the first hack for Platypus. A similar event took place in February 2023. During that incident, $8.5 million was taken via a flash loan attack, targeting its newly launched stablecoin named USP.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.