Platypus Finance, a decentralized finance (DeFi) protocol, has suffered a security compromise, leading to a loss exceeding $2 million.
In a recent post on X (previously known as Twitter), the security agency PeckShield reported that the project, which operates on the Avalanche network, had been targeted.
Responding to the notification, Platypus Finance acknowledged the presence of dubious activities within the protocol. As a preventative step, they decided to “temporarily suspend all pools.”
They assured their community that they would provide prompt updates as the situation develops.
It seems the breach was orchestrated using a flash loan attack, with a particular focus on the AVAX-sAVAX liquidity pool.
Platypus Finance, however, hasn’t yet provided an official statement regarding the precise methodology of the attack.
Flash loans, a prominent feature in the decentralized finance realm, allow users to borrow funds without necessitating any collateral. The catch is that the borrowed amount must be returned within the same transaction block.
Regrettably, malicious actors have discerned techniques to abuse this system, either by manipulating market values or by leveraging flaws present in DeFi platforms.
Attackers, by taking out hefty loans, can temporarily engineer market conditions. They exploit the ensuing price disparities to gain profits, and then promptly return the borrowed amount, all within the confines of one transaction block.
This isn’t Platypus Finance’s maiden encounter with such security lapses.
Previously, in February 2023, the project faced a flash loan attack. The assailants zeroed in on its freshly introduced stablecoin, USP, leading to a significant setback of $8.5 million.
Experts Say There’s Long Way Ahead Before Crypto is Safe
The realm of crypto security, while undoubtedly paramount, is still finding its footing in safeguarding digital assets effectively.
Sipan Vardanyan, the CEO and Co-Founder of crypto security enterprise Hexens, remarked in a recent Cryptonews interview, “Given the frequency of hacks and exploitations, it’s clear that a considerable effort is required to bolster security in this sector.”
According to recent data from Immunefi, a Web3 bug bounty service, the damages from hacks and rug pulls on Web3 platforms have already crossed the $1.2 billion mark this year alone.
The study showcased a staggering 211 distinct events that cumulatively resulted in this substantial financial setback, with August singularly responsible for losses amounting to $23.4 million.
Lars Seier Christensen, the founder of Concordium, asserts that the key to curbing cryptocurrency frauds lies in identity validation.
He emphasized, “To curb scams, it’s imperative to introduce a level of identity verification, ensuring that participants in any transaction are genuinely representing their claimed identities.”