Flying Tulip has rolled out a new circuit breaker mechanism aimed at slowing or queuing withdrawals during periods of abnormal activity, as decentralized finance faces a surge in exploit-related losses.
Summary
Flying Tulip introduced a withdrawal circuit breaker to manage abnormal outflows as DeFi losses exceeded $600 million in April. The safeguard limits how quickly funds can exit the protocol, allowing time to assess suspicious activity. Notably, two major incidents accounted for nearly 95% of the total losses.
Circuit breaker designed to manage risk
According to official documentation, the circuit breaker is activated during periods of unusually high withdrawal demand. Instead of halting activity entirely, it caps the rate at which assets can leave the platform, giving the team time to investigate and potentially contain damage.
The system operates differently across products. In the Perpetual PUT product, withdrawal attempts may fail and require users to retry later. Meanwhile, for its stable asset ftUSD, withdrawal requests are queued, allowing users to claim funds after a delay rather than facing outright rejection. A dedicated status page provides real-time visibility into how the mechanism is functioning.
Built with a “fail-open” design, the feature ensures transactions can still proceed even if the safety layer encounters issues—prioritizing continuity while slowing suspicious outflows.
DeFi exploits surpass $600 million in April
The update comes amid mounting concerns over security in the DeFi sector. According to CertiK, total losses from exploits surpassed $600 million within just the first few weeks of April.
Two major incidents drove the bulk of the losses. Drift Protocol suffered an exploit estimated at around $280 million on April 2, followed by a roughly $293 million attack on Kelp on April 19.
The fallout from the latter also impacted Aave, which temporarily froze rsETH markets on its V3 and V4 deployments in response.
Beyond smart contract vulnerabilities
Recent exploits have highlighted risks that go beyond traditional smart contract bugs. Issues related to multisignature setups, infrastructure configuration, and key management have increasingly come under scrutiny, as attackers exploit weaknesses outside core code.
The growing scale of losses has prompted calls across the industry for stronger safeguards—such as circuit breakers—to better manage risk during extreme conditions.
With this move, Flying Tulip joins a broader shift in DeFi toward implementing protective mechanisms that can slow down potential attacks, even if they cannot fully prevent them.
