Decentralized finance protocols (DeFi) may attract attention with their fast transactions and low commission fees, but the security issue in the sector remains unresolved. Hack attacks have recently come to the forefront due to errors or vulnerabilities in smart contracts. The DeFi protocol, Platypus, lost over $2 million in total and had to halt its services following three attacks on October 12.
Three Attacks Occurred in One Day
According to the blockchain security analysis platform CertiK, Platypus was subjected to three different attacks, resulting in the theft of $2.23 million worth of crypto assets. In the first attack, the attacker seized $1.2 million worth of crypto assets. Hours later, a second attack took place, resulting in a loss of $575,000. In the final attack minutes later, the hacker managed to seize $450,000 worth of assets.
Platypus protocol has a different service approach compared to many known DeFi protocols. Instead of being a protocol where buyers and sellers transact, it utilizes liquidity pools for automated trading (AMM) on the platform. Platypus raised $3.3 million in a funding round in 2021, led by Three Arrows Capital.
This Attack Method Spells the End for the Protocol
According to reports, the DeFi platform fell victim to a hack method called “flash loan exploit.” In this attack method, the attacker takes out a crypto asset loan through a quick transaction before providing the necessary collateral. The rapid acquisition of this loan is due to a security vulnerability in the protocol.
According to CertiK, Platypus experienced three attacks using this method in 2023. In February, the protocol suffered a loss of $8.5 million due to a similar method, causing a significant drop in the protocol’s stablecoin, Platypus USD, from $1 to $0.48. In July, the protocol lost $157,000 in another attack.
Following the attack in February, the protocol team created a compensation portal for the victims in March. The portal was used to verify how much compensation users could receive from the platforms and to communicate with customers before distributing the funds.
