Platypus Finance, a DeFi protocol operating on the Avalanche network (AVAX), has fallen victim to a security breach, causing a loss of over $2 million. Cybersecurity firm PeckShield reported the issues first.
In response to the security breach, the Platypus Finance team acted by temporarily suspending all liquidity pools.
The team explained the situation, saying, “Due to suspicious activity in our protocol, we have taken the necessary measures to temporarily suspend all repositories. Further updates will be communicated to the community in a timely manner.”
According to the reports, the vulnerability appears to be linked to a flash loan attack targeting the AVAX-sAVAX liquidity pool.
What are flash loans? Flash loans are a distinct aspect of decentralized finance (DeFi) that allows users to borrow crypto without needing collateral, provided the loan is repaid within the same block of transactions.
However, attackers have found different ways to exploit this function by manipulating market prices or identifying vulnerabilities in DeFi protocols.
Further, attackers can artificially influence market conditions by borrowing some amount of money and exploiting the resulting disparities before closing the loan within a single block of transactions.
Surprisingly, this isn’t the first security breach for Platypus Finance. In February 2023, the protocol suffered a flash loan attack that targeted the newly launched stablecoin USP. During that attack, an estimated $8.5 million was drained from the project.