Home » Platypus (PTP) hack: the National Police arrested two suspects

Platypus (PTP) hack: the National Police arrested two suspects

by Thomas

Only ten days after the Platypus hack on the Avalanche blockchain, the National Police have arrested two suspects who are believed to be behind the events. Nevertheless, a large part of the stolen funds would have been lost.

Two suspects arrested by the National Police for the Platypus hack

This weekend, the National Police said they have arrested two people, suspected of being behind the hack suffered by the decentralised finance protocol (DeFi) Platypus (PTP) about ten days ago:

While the loss was initially announced at $8.5 million, it has been re-evaluated at $9.5 million.

Although this attack is far from record-breaking in terms of the amount of money stolen, it is a particularly notable case because of the speed of the investigation.

As a reminder, onchain investigator ZachXBT was able to trace the attacker back to a link between the various addresses, pointing to an Ethereum Name Service (ENS) using the same handle as his social networks:

Are most of the stolen funds lost?

The recklessness of the attacker, as well as the responsiveness of the various stakeholders, led to this swift arrest which took place on Wednesday. For their part, the Platypus teams thanked the National Police, ZachXBT, but also Binance:

The two suspects are two brothers, aged 18 and 20, the older one allegedly led the attack, while the younger one benefited from the stolen money. In total, they would have been able to recover “only” the equivalent of 270,000 euros, and the police were able to seize 210,000, most likely from the Binance account of the person concerned. Both individuals were placed under judicial supervision pending a court summons, following police custody.

For its part, Platypus had already been able to recover 2.4 million USD. As for the remaining sum, it was reported to AFP that it was “beyond anyone’s reach”.

In reality, it seems that these words refer to several million dollars of stablecoins, stored on a smart contract created by the attacker. We can see this on Snowtrace, the explorer of the Avalanche C-Chain, the blockchain on which Platypus operates:

Address of a smart contract involved in the Platypus hack

Address of a smart contract involved in the Platypus hack

So the real question is whether law enforcement is simply waiting for a court order to confiscate the private keys giving control of these funds, or whether the attacker has actually lost control over this smart contract, in which case these stablecoins would effectively be lost forever.

For its part, Platypus announces that the USP pool targeted by the attack will resume operation tomorrow. In addition, affected users will have access to a page offering them a visual of their assets before the hack, so they can claim compensation in the future:

Related Posts

Leave a Comment