- Platypus protocol has lost more than $2 million in an exploit three months after suffering a similar attack
- The attacker stole the funds through a flash loan attack
- The platform has suspended operations and reportedly recovered part of the funds
DeFi platform Platypus has lost over $2 million in a flash loan exploit that was conducted by the same malicious actor three times within a few hours. The actor first siphoned $1.2 million and then came back for $575K hours later and another $450K minutes after the second hack. Platypus has suspended operations saying that it has discovered “some suspicious activities in” its platform but indicated that it has recovered part of the funds, something that’s rare in the industry without enticing an attacker with a bounty.
The Third Flash Loan Attack This Year
In an X (formerly Twitter) post, the DeFi protocol disclosed that it’s working with security experts to patch the vulnerability, adding that its pools will remain inactive until the issue has been “completely resolved and […] security measures […] reinforced.”
3/ We're working closely with security experts to identify and rectify vulnerabilities. We will not resume the pool until these issues have been completely resolved, and our security measures have been reinforced.
— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) October 12, 2023
This is the third time the protocol has been exploited this year, with the first exploit happening in February and the second in July via the same tactic. In the previous two attacks, more than $8.6 million was siphoned from the platform.
Despite assuring its users that it’s working to boost its security, some crypto community members have asked the network to clarify how it’s planning to reimburse users affected by the recent hack.
DeFi Poses Serious Risks to Investors
Platypus joins the list of other DeFi platforms like Hundred Finance that have in the past lost funds through flash loan attacks. The Platypus hack comes a day after the European Securities and Markets Authority (ESMA) warned that DeFi poses serious risks to investors, noting that flash loan attacks are among the most used techniques to steal funds from DeFi investors.
With the current exploit being the third this year, it’s to be seen how best the platform will secure the platform from similar attacks in the future.
