Platypus becomes the latest decentralized finance (DeFi) protocol to come under attack. Indeed, the latter was the victim of an 8.5 million dollar hack following manipulation via a flash loan method. Fortunately, a significant part of the funds has already been recovered thanks to the cooperative efforts of different actors.
https://cryptoast.fr/avalanche-avax-protocole-defi-platypus-subit- attacked-85-millions-dollars/
Platypus is robbed of $8.5 million
The decentralized finance (DeFi) protocol Platypus, hosted on Avalanche (AVAX), suffered a hack worth $8.5 million on February 16. The information was first noted by the blockchain security firm CertiK, before being confirmed today by Platypus on Twitter.
Dear Community,
We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.
— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) February 17, 2023
According to Platypus, the hack exclusively concerns the main liquidity pool containing USP (the protocol stablecoin), and the other pools would be safe. However, at present, the funds of the clients of the pool concerned are, a priori, now only covered up to 35%.
The USP consequently lost its peg to the US dollar for some time, thus losing 50% of its reference price.
USP course over 72 hours
The attacker resorted to a method of flash loan to achieve his ends, a form of instant loan to find arbitrage opportunities, unfortunately often used to attack protocols. This is the process that was used in particular for the attack on the Nereus Finance protocol last September.
In this case, the hacker’s funds have been traced, and some have already been blacklisted by Tether. Platypus announced that it has also contacted Circle and Binance to try to freeze some of the remaining funds.
👉 Find our top 10 wallets to secure your cryptocurrencies
An intuitive platform to start crypto
Up to €100 offered by depositing €50 or more on Young Platform 🔥
Hacker’s identity revealed
The inspector ZachXBT, known for its on-chain investigations, revealed the alleged identity of the hacker following the study of various clues pointing to the same individual. The person identified in the tweet has since deleted his Twitter account as well as his Instagram account.
Moreover, negotiations have been initiated between Platypus and the hacker so that the latter can possibly return the funds and keep part of them. According to ZachXBT, a refusal on the part of the hacker could result in a judicial investigation against him.
Hi @retlqw since you deactivated your account after I messaged you.
I’ve traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
We’d like to negotiate returning of the funds before we engage with law enforcement. pic.twitter.com/oJdAc9IIkD
— ZachXBT (@zachxbt) February 17, 2023
“I have traced your account addresses from the Platypus exploit and am in contact with their team and some exchanges. […] I looked at your transaction history on several blockchains, which led me to your ENS address retlqw.eth. Your OpenSea account is directly linked to your Twitter and you liked a Tweet about the Platypus exploit. »
According to Platypus’ latest tweet, the protocol would have managed to recover 2.4 million USDC thanks to the cooperation of blockchain auditing firm BlockSec, a little over a quarter of the total sum.
👉 In similar news – MetaMask phishing alert: no KYC verification is not required
Cryptoast launches its 1st collection of NFTs
NFTs associated with a collector paper journal 🔥
Source: CoinGecko
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.
Passionate about the world of decentralized finance and the novelties brought by Web 3.0, I write articles for Cryptoast to help make blockchain more accessible to everyone. Convinced that cryptocurrencies will change the future very soon.
Maximilien Prue
597 items