Platypus Finance suffers its third hack in 2023, losses $2m

The Platypus team said on social media it had taken the ‘proactive measure’ to suspend all pools temporarily.

Decentralized finance (defi) protocol Platypus Finance suffered yet another hack this year, as around $2 million was stolen from the project.

According to a security firm PeckShield, the protocol has been exploited on the Avalanche blockchain as attackers discovered a vulnerability, allowing them to withdraw Wrapped Avax (WAVAX) and Staked Avax (SAVAX).

As of press time, one of the hacker’s wallets is holding over $1.6 million worth of WAVAX and SAVAX. The total sum of the stolen funds is estimated to be over $2 million, according to PeckShield.

The Platypus team has confirmed the incident, saying it has “temporarily” suspended all pools due to “suspicious activities in our protocol.” Although the nature of the hack remains unclear, reports say the protocol has once again suffered a flash loan attack.

Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools.
Further updates will be communicated to the community in a timely manner.
Thank you for your patience and understanding during this time.

— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) October 12, 2023

Amid the news, Platypus Finance’s token plunged 7.5% to $0.012, according to CoinMarketCap.

Three Platypus hacks

This is the third time Platypus Finance has suffered a hacker attack.

In early 2023, hackers drained over $9 million from the protocol. After the hack, Platypus reached out to Binance to identify the exploiter’s identity, as the hacker was using the exchange to cash out the stolen funds.

A few months later, in July 2023, Platypus once again paused their pools after identifying “suspicious activities”. Later, the CertiK security firm said they had found multiple suspicious flash loans involving the project.