Flying Tulip, a decentralized finance (DeFi) platform founded by DeFi developer Andre Cronje, added a kill switch that can delay or queue withdrawals in the event of unusual outflows as April DeFi losses mounted amid a series of major exploits.
According to according to Flying Tulip’s documentation, the mechanism is intended to snail-paced down funds leaving the protocol when they exceed their outflow capacity, giving the team time to investigate suspicious activity and limiting the amount an attacker can exploit in a worst-case scenario.
Flying Tulip has found that the circuit breaker works differently in different products. In the first version of the breaker used in the Perpetual PUT product, withdrawals can be reversed and users must try again later. In the second version, used on Flying Tulip’s stable asset and settlement currency, ftUSD, withdrawals are queued and become redeemable after a delay, rather than being rejected outright.
Flying Tulip stated that the circuit breaker is of a “safety-safe” design, meaning that transactions will still be allowed if the protection mechanism itself fails. The platform says users can track the feature via a dedicated status page.
The project adds a fresh layer of protection to the DeFi platform as the recent industry exploits exposed risks beyond intelligent contract code.
Definition of a circuit breaker. Source: Flying Tulip
Recent exploits focus on broader security failures
Additional attention has been paid to outflow control as recent exploits have highlighted vulnerabilities related to signers, infrastructure, and security design, not just bugs in intelligent contracts.
Amir Hajian, a digital asset researcher at trading firm Keyrock, said April’s biggest outages were increasingly the result of operational and infrastructure weaknesses, including compromised multisignals, configuration errors and key leaks.
The fresh mechanism implemented by Flying Tulip aims to snail-paced down abnormal outflows and give the protocol time to react when losses result from failures outside the intelligent contract itself.
Related: Phishing, deepfakes and supply chain attacks driving the largest cryptocurrency attacks in 2026: CertiK
Hajian highlighted April DeFi losses, which reached over $600 million in the first 18 days of the month, with two incidents accounting for 95% of the damage.
On April 2, the Solana-based decentralized exchange Drift Protocol fell victim to an exploit with losses estimated at approximately $280 million. On April 19, liquids retaking platform Kelp was leveraged for approximately $293 million, prompting lending protocol Aave to freeze the rsETH markets on V3 and V4.
Warehouse: 53 DeFi projects infiltrated, 50 million NEO tokens can be “returned”: Asia Express
