An EU financial markets authority has alerted investors to the severe risks of DeFi amid a new flash loan exploit on the Avalanche network.
Over $2 million has been drained in a flash loan attack targeting Avalanche-based protocol Platypus Finance. PeckShield, a famous security firm, reported the security breach.
The DeFi project immediately shut down all of its pools to deal with the problem.
New DeFi Project Under Flash Loan Attack
PeckShield initially discovered that Platypus was likely under a flash loan attack that targeted the AVAX-sAVAX pool. However, at the time of writing, there hasn’t been any official confirmation regarding the attack method.
Platypus said that the team noticed some suspicious activities in the system and would keep the community informed about any updates.
“Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools. Further updates will be communicated to the community in a timely manner,” according to Platypus’s statement.
A flash loan refers to a type of uncollateralized loan that allows users to borrow assets without having to put up any collateral.
Although flash loans can be beneficial to investors in decentralized finance, they can also be risky. Because flash loans are uncollateralized and do not require a credit check, attackers can use them to execute flash loan exploits.
Typically, the attacker borrows a large amount of cryptocurrency through a flash loan. The borrowed funds are later used to manipulate the price or exploit a vulnerability in a DeFi smart contract. The attacker eventually repays the loan before the transaction ends.
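The sequence described above can be modelled in a few lines. The following Python sketch is an added illustration, not code from Platypus or any other protocol. It assumes a constant-product pool, a 0.09% lender fee and made-up reserve sizes, and shows why a price read taken inside the same transaction as a flash loan cannot be trusted, and why a loan that is not repaid leaves no trace.

```python
from dataclasses import dataclass
from fractions import Fraction  # exact arithmetic, so the round trip has no rounding error

FEE_RATE = Fraction(9, 10_000)  # assumed lender fee (0.09%)

@dataclass
class Pool:
    """Constant-product pool (token * stable = k); an assumed AMM design."""
    token: Fraction
    stable: Fraction

    def spot_price(self):
        return self.stable / self.token

    def swap(self, stable_in=0, token_in=0):
        """Add one asset to the pool and return the amount of the other paid out."""
        k = self.token * self.stable
        if stable_in:
            self.stable += stable_in
            out, self.token = self.token - k / self.stable, k / self.stable
        else:
            self.token += token_in
            out, self.stable = self.stable - k / self.token, k / self.token
        return out

def flash_loan(amount, pool, callback):
    """Lend `amount` for one transaction; undo every state change unless repaid with fee."""
    snapshot = (pool.token, pool.stable)
    repaid = callback(amount, pool)
    if repaid < amount + amount * FEE_RATE:
        pool.token, pool.stable = snapshot  # revert: the transaction never happened
        return False
    return True

def price_seen_during_loan(pool, amount, repay=True):
    """Return (price before, price mid-transaction, price after, loan settled)."""
    seen = {}
    def borrower(borrowed, p):
        tokens = p.swap(stable_in=borrowed)   # large buy with borrowed funds
        seen["mid"] = p.spot_price()          # what a same-transaction price read returns
        if not repay:
            return 0                          # borrower defaults
        back = p.swap(token_in=tokens)        # unwind the position
        return back + borrowed * FEE_RATE     # principal plus fee (fee from own funds)
    before = pool.spot_price()
    settled = flash_loan(amount, pool, borrower)
    return before, seen["mid"], pool.spot_price(), settled
```

With constructed reserves of 1,000 tokens and 1,000,000 stable units, a 9,000,000 loan moves the in-transaction price from 1,000 to 100,000 and back again, so any contract that relies on the pool's momentary price during that window is working from a distorted value.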
Today’s exploit isn’t the first time Platypus Finance has been hacked. Two similar attacks happened in February and July 2023, resulting in a loss of $8.5 million and $157,000, respectively.
EU Authority Steps Up
Decentralized finance has steadily matured and gained traction, especially after several centralized entities faced crises of trust last year. However, persistent issues and risks dent the reputation of the sector.
Complex and untested, DeFi markets are largely unregulated. This gives investors little recourse if they lose money. Plus, the DeFi ecosystem involves interactions with a diverse array of counterparties, including smart contracts, liquidity providers, and lending protocols. This multiplicity of counterparties introduces additional layers of risk.
Some of these entities may lack the financial stability required to meet their obligations, or in more severe cases, they might engage in fraudulent activities. These circumstances can culminate in substantial financial losses for DeFi users.
With these concerns, global policymakers are urged to establish a clear framework. However, regulating crypto is not easy.
On Oct. 11, the European Securities and Markets Authority (ESMA) issued a risk analysis, titled “Decentralised Finance in the EU: Developments and Risks,” to raise awareness of the risks associated with DeFi.
The regulatory body is also entrusted with the formulation of regulatory standards in accordance with the Markets in Crypto Assets Regulation (MiCA). ESMA highlights in the report that, although the current level of investor exposure to DeFi remains relatively limited, there are substantial risks posed to investor protection.
Lawmakers in the EU and other jurisdictions are currently trying to figure out how to regulate DeFi. This, however, proves to be a formidable challenge without any straightforward solutions. DeFi is still in its nascent stages of development, and the associated risks are subject to evolution over time.
In July, a reentrancy attack drained over $50 million from major DeFi ecosystem Curve Finance. The event caused a significant 44% reduction in Curve’s Total Value Locked (TVL) and a consequent drop in the price of its native token, CRV.
Despite the issues and hacks, DeFi remains popular – and very difficult to regulate.