Decentralized finance (DeFi) protocol Platypus has lost over $2 million in assets after suffering another flash loan exploit on its platform. The protocol suspended all of its pools in response to the attack.
According to the blockchain security platform CertiK, the DeFi platform suffered three attacks, with $2.23 million taken across the exploits. On Oct. 12, the first attack took place, extracting $1.2 million from the platform. A second attack occurred hours later, stealing $575,000 worth of assets from the platform. Just a minute later, the third attack occurred, with $450,000 in assets lost.
Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools.
Further updates will be communicated to the community in a timely manner.
Thank you for your patience and understanding during this time.
— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) October 12, 2023
Platypus is an automated market maker (AMM) protocol that allows digital assets to be traded automatically by using liquidity pools instead of the more traditional markets where there are buyers and sellers. The platform raised $3.3 million in 2021 in a funding round led by the now-bankrupt Three Arrows Capital.
In a flash loan attack, traders exploit a vulnerability that would allow them to instantaneously borrow crypto without providing the necessary collateral for the transaction.
CertiK noted that the recent flash loan attack is the third attack on Platypus in 2023. On Feb. 16, the protocol lost $8.5 million in a similar exploit, which also led to the depegging of the Platypus USD (USP) stablecoin, driving its price from $1 to $0.48. According to CertiK, the protocol also lost around $157,000 in a flash loan exploit in July.
In March, the DeFi protocol created a compensation portal for victims who lost their assets in the February attack. The portal was used so that users could verify how much compensation they could get from the platform and allow them to raise their concerns before the funds were distributed.