Flying Tulip, a decentralized finance (DeFi) platform founded by DeFi developer Andre Cronje, has added a circuit breaker that can delay or queue withdrawals during abnormal outflows, as April DeFi losses climbed amid a string of major exploits.
According to Flying Tulip’s documentation, the mechanism is designed to slow funds leaving the protocol if outflow capacity is exceeded, giving the team time to investigate suspicious activity and limiting how much an attacker could drain in a worst-case scenario.
Flying Tulip said the circuit breaker works differently across products. In the first version of the circuit breaker, used in its Perpetual PUT product, withdrawals can revert and users must retry later. In the second version, used in Flying Tulip’s stable asset and settlement currency, ftUSD, withdrawals are queued and become claimable after a delay instead of being rejected outright.
Flying Tulip said the circuit breaker is built with a “fail-open” design, meaning transactions would still be allowed if the safety mechanism itself were to malfunction. The platform said users can track the feature through a dedicated status page.
The design adds a new layer of protection for the DeFi platform as recent industry exploits exposed risks that extend beyond smart contract code.
Circuit breaker definition. Source: Flying Tulip
Recent exploits put broader security failures in focus
The added attention to outflow controls comes as recent exploits underscored vulnerabilities tied to signers, infrastructure and collateral design rather than only smart contract bugs.
Amir Hajian, a digital assets researcher at trading firm Keyrock, said the biggest failures in April were increasingly linked to operational and infrastructure weaknesses, including compromised multisigs, configuration flaws and key leaks.
The new mechanism deployed by Flying Tulip is designed to slow abnormal outflows and give the protocol time to respond when losses stem from failures outside of the smart contract itself.
Related: Phishing, deepfakes, supply chain attacks to fuel 2026’s biggest crypto hacks: CertiK
Hajian highlighted April’s DeFi losses, which reached over $600 million in the first 18 days of the month, with two incidents accounting for 95% of the damage.
On April 2, Solana-based decentralized exchange Drift Protocol suffered an exploit, with estimated losses at about $280 million. On April 19, liquid restaking platform Kelp was exploited for about $293 million, prompting lending protocol Aave to freeze rsETH markets on V3 and V4.
Magazine: 53 DeFi projects infiltrated, 50M NEO tokens could be ‘given back’: Asia Express
