DeFi protocol Platypus suffers second flash loan attack in 9 months

CertiK estimates the protocol has lost $1.3 million worth of wrapped AVAX and about $913,000 in liquid staked AVAX

by Shalini Nagarajan /
article-image

Daniel Eskridge/Shutterstock, modified by Blockworks

share

Platypus, the Avalanche-native StableSwap protocol, suspended all of its pools on Thursday after detecting a flash loan exploit on the DeFi platform.

PeckShield, the first to report on the platform attack, disclosed on Thursday that the exploit led to losses exceeding $2 million.

Blockchain security firm CertiK laid out the results of its own investigation, saying that two attackers had taken about $1.3 million worth of wrapped AVAX (WAVAX) and about $913,000 in liquid staked AVAX (sAVAX).

Newsletter

Subscribe to Blockworks Daily

Playtypus is currently investigating what went down.

Loading Tweet..

“The whole team is working & communicating with different parties to try to recover the funds from the contracts, identify the root cause of this exploit, and trace the identity of the hacker(s) right now. We will share the updates with the community soon,” a moderator wrote on the protocol’s Discord channel on Thursday.

Platypus is an automated market maker (AMM) protocol within the Avalanche blockchain, created with the primary goal of exchanging stablecoins.

The protocol raised $3.3 million in Dec. 2021 in a funding round led by now defunct crypto hedge fund Three Arrows Capital (3AC) and Defiance Capital.

The protocol suffered a separate exploit in February, losing more than $8.5 million. 

That incident was also a flash loan attack — where traders can instantaneously borrow cryptocurrencies without providing collateral and return them within the same transaction.

In that particular attack, the perpetrators exploited a vulnerability in Platypus’ native stabletoken’s USP solvency check mechanism, deceiving its smart contracts into believing that USP was completely backed.

As of September, the Platypus team recovered about 61.7% of the original losses incurred by its liquidity pools during the USP exploit. 

They tapped into a reserved treasury to initiate a second phase of compensation on Sept. 26, the team said on X.

Platypus said it would share additional updates on the latest exploit in time.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
  • Supply Shock: Tracking Bitcoin’s rise from internet plaything worth less than a penny to global phenomenon disrupting money as we know it.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates.jpg

Research

Evaluating Bluefin’s Precarious Market Position

Bluefin possibly stands at an inflection point. The token is near an all-time low yet the protocol’s spot volume market share and derivatives exchange usage have been increasing month over month since its November launch. Given its current market position and the upcoming upgrades (for both Bluefin and SUI), there may be upside potential before the increased supply growth in December. However, strong opposition from existing competitors (like Cetus and Suilend), as well as new entrants (like Aftermath), pose key challenges to Bluefin’s medium-term success.

by Marc-Thomas Arjoon, CFA

/

news

article-image

Policy

Trump’s SEC pick grilled on past agency actions, conflicts of interest 

Top Committee Democrat Sen. Elizabeth Warren in her opening statement accused Atkins of “helping billionaire CEOs like Sam Bankman-Fried”

by Casey Wagner /
article-image

0xResearch NewsletterDeFi

COTI launches V2 mainnet: A new era of privacy-focused L2 solutions

Introducing garbled circuits for enhanced privacy and regulatory compliance

by Donovan Choy /
article-image

AnalysisSupply Shock

How Silk Road carved the fault line that separates ‘bitcoin’ and ‘crypto’

Ross Ulbricht was a freedom maximalist building freedom tech, powered by Bitcoin

by David Canellis&Pete Rizzo /
article-image

DeFiLightspeed Newsletter

Solana startups spin up validators for revenue and ‘soft power’

Solana validators can reap benefits including payments, votes and community clout

by Jack Kubinec /
article-image

Sponsored

WCT’s Role in the Onchain Economy

WalletConnect is cementing itself as the essential connectivity layer, ensuring wallets remain the entry point for billions of users

article-image

Business

Galaxy to pay $200M to New York over alleged LUNA manipulation

According to a legal filing, Galaxy Digital helped boost the price of LUNA while quietly selling its tokens

by Katherine Ross /