Platypus, Avalanche’s native StableSwap protocol, suspended all of its pools on Thursday after detecting a flash loan exploit on the DeFi platform.
PeckShield, which first reported the platform’s attack, revealed on Thursday that the exploit resulted in losses exceeding $2 million.
CertiK, blockchain security company Finished the results of its own investigation, claiming that two attackers took approximately $1.3 million in packaged AVAX (WAVAX) and approximately $913,000 in cash-packed AVAX (sAVAX).
Playtypus is currently investigating what happened.
“The entire team is working and communicating with various parties to attempt to recover contract funds, identify the root cause of this exploit, and trace the identity of the hacker(s) at this time. We will share updates with the community soon,” a moderator wrote on the protocol’s Discord channel on Thursday.
Platypus is an Automated Market Maker (AMM) protocol within the Avalanche blockchain, created with the primary purpose of trading stablecoins.
The protocol raised $3.3 million in December 2021, in a funding round led by now-defunct crypto hedge fund Three Arrows Capital (3AC) and Defiance Capital.
The protocol suffered a separate feat in February, losing more than $8.5 million.
This incident was also a flash loan attack – where traders can instantly borrow cryptocurrencies without providing collateral and return them in the same transaction.
In this particular attack, the perpetrators exploited a vulnerability in the USP credit check mechanism of Platypus’ native stabletoken, fooling its smart contracts into believing that the USP was fully backed.
By September, the Platypus team had recovered approximately 61.7% of the initial losses suffered by its liquidity pools during the USP exploit.
They tapped into reserved cash to launch a second phase of compensation on September 26, the team said on X.
Platypus said it will share additional updates on the latest exploit in time.
Don’t miss the next big story – join our free daily newsletter.
