DeFi Protocol Platypus Compromised For $8.5M

Published on:

The DeFi protocol Platypus has been the target of the latest flash loan attack, which has resulted in a loss of funds worth $8.5 million. 

Flash Loan Attack Results In Stablecoin Depeg

The flash loan attack on the Platypus protocol was first brought to attention when blockchain security firm Certik reported on it on Twitter. The security company also tweeted out the wallet address of the attacker responsible for the flash loan attack. Soon after, the Platypus team also confirmed the attack and the subsequent fund loss. 

The team tweeted, 

“We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.” 

The flash loan attack also resulted in the loss of the dollar peg for the protocol’s stablecoin. Platypus USD (USDP), the protocol’s native stablecoin, fell to 48 cents from its $1 anchor as a direct consequence of the hack.

Hacker Identified

The team informed that the $8.5 million were stolen from the main pool and that funds in other pools were unaffected. Furthermore, the team further informed that 35% of user deposits are covered by the protocol and are looking into compensation and reimbursement options for affected wallets. The team is also working with Binance, Tether, and Circle to also freeze the funds of the hacker, who has been contacted with the proposal to return the funds in exchange for a bounty amount. 

Read more:  Circle Launches euro-backed Stablecoin on Avalanche!

An on-chain sleuth going by the pseudonym ZachXBT on Twitter has identified a now-deleted Twitter account as being behind the flash loan attack on Platypus. According to ZachXBT, he was able to trace the wallet address of the hacker, as revealed by Platypus, back to the now-deleted Twitter account. He revealed that he had intimated this information to the Platypus team, who would prefer to negotiate a refund, before resorting to police involvement. 

A Hacktober “Flash”-Back

The flash loan attack is similar to a stream of hacks that shook the market in October 2022. The “Hacktober” attacks affected protocols like QuickSwap, Vee Finance, Ankr, Mango Markets, and others. In fact, it is interesting to note that both the CFTC and the FBI have taken severe legal action against Mango Markets exploiter Avraham Eisenberg, who claimed that his actions were perfectly within the bounds of legal trading strategy.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.