Home » Avalanche (AVAX): DeFi Platypus protocol suffers $8.5m attack

Avalanche (AVAX): DeFi Platypus protocol suffers $8.5m attack

by Thomas

Platypus has become the latest decentralised finance (DeFi) protocol to suffer an attack. Indeed, it has been the victim of an $8.5 million hack following a manipulation via a flash loan method. Fortunately, a significant part of the funds has already been recovered thanks to the cooperative efforts of various actors.

Platypus has $8.5m stolen

The decentralised finance protocol (DeFi) Platypus, hosted on Avalanche (AVAX), suffered a hack worth $8.5 million on 16 February. The information was first reported by blockchain security firm CertiK, before being confirmed today by Platypus on Twitter.

According to Platypus, the hack only affects the main cash pool containing USP (the protocol’s stablecoin), and the other pools would be safe. However, at the moment, customer funds in the affected pool are presumably only covered to the extent of 35%.

As a result, the USP has lost its peg to the US dollar for some time, thereby losing 50% of its reference price.

72hr USP price

72hr USP price

The attacker used a flash loan method to achieve his goal, a form of instant loan to find arbitrage opportunities, unfortunately often used to attack protocols. This is the process that was used in the attack on the Nereus Finance protocol last September.

In this case, the hacker’s funds have been traced, and some have already been blacklisted by Tether. Platypus has announced that it has also contacted Circle and Binance to try to freeze some of the remaining funds.

Hacker’s identity revealed

Investigator ZachXBT, known for his on-chain investigations, has revealed the alleged identity of the hacker after studying various clues pointing to the same individual. The person identified in the tweet has since deleted his Twitter account as well as his Instagram account.

In addition, negotiations have been initiated between Platypus and the hacker so that the latter can eventually return the funds and keep a portion of them. According to ZachXBT, a refusal on the part of the hacker could result in a legal investigation against him.

I have traced your account addresses from the Platypus exploit and am in contact with their team and some exchanges. […] I have examined your transaction history on several blockchains, which led me to your ENS address retlqw.eth. Your OpenSea account is directly linked to your Twitter and you liked a Tweet about the Platypus exploit. “

According to the latest tweet from Platypus, the protocol has managed to recover 2.4 million USDC thanks to the cooperation of blockchain auditing firm BlockSec, just over a quarter of the total.

Related Posts

Leave a Comment