A possible suspect has been identified in the $8.5 million attack on the Platypus decentralized finance protocol, in which $8.5 million was stolen from the protocol.
Blockchain security firm CertiK first reported the flash loan attack on the Avalanche-based stablecoin through a tweet on February 16, along with the alleged attacker’s contract address.
According to CertiK, close to USD 8.5 million have already been moved. As a result, the Platypus USD stablecoin decoupled from the US dollar, falling 52.2% to $0.478 at the time of writing.
We are seeing a #flashloan attack on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
— CertiKAlert (@CertiKAlert) February 16, 2023
Platypus later confirmed the attack on Twitter, while a moderator of the Platypus Telegram group confirmed that Platypus had stopped trading.
“The attacker used a flash loan to exploit a logical error in USP’s credit check mechanism in the contract containing the guarantee.”
Platypus confirmed an “8.5 million” loss from its core group and said deposits were 85% covered. Other pools were not affected. The company has contacted the hacker to negotiate a reward for the return of the funds.
Tether Holdings froze the stolen USDT, and Platypus approached Circle and Binance to freeze other stolen tokens.
Dear Community,
We regret to inform you that our protocol was recently hacked, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flash loan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.— Platypus (++) (@Platypusdefi) February 17, 2023
Dear community,
We regret to inform you that our protocol was recently hacked and the attacker took advantage of a flaw in our USP credit check mechanism. They used a flash loan to exploit a logical error in USP’s solvency verification mechanism in the contract containing the guarantee.
A tweet from cryptocurrency “on-chain detective” ZachXBT has denounced a now-deleted Twitter account calling itself @retlqw, claiming that addresses identified by Platypus are linked to the account.
“I have traced addresses to your @Platypusdefi exploit account and am in contact with your team and exchanges. We would like to negotiate the return of the funds before engaging with law enforcement,” ZachXBT said.
The official Platypus Twitter account has also retweeted ZachXBT’s message.
hi @retlqw since you deactivated your account after I messaged you.
I’ve traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
We’d like to negotiate return of the funds before we engage with law enforcement. pic.twitter.com/oJdAc9IIkD
— ZachXBT (@zachxbt) February 17, 2023
Hi @retlqw since you deactivated your account after I messaged you.
I traced the addresses back to his account from the @Platypusdefi exploit and am in contact with his team and exchanges.
We would like to negotiate the return of the funds before engaging with the police.
A flash attack is the same method used by Avi Eisenberg when he allegedly manipulated the price of Mango Markets’ MNGO coin in October. Eisenberg said shortly after the exploit that he believed “all of our actions were open market legal actions, using the protocol as designed.” Eisenberg was arrested on fraud charges on December 28.
Update Feb 17, 4:53am UTC: Added a tweet from ZachXBT related to the possible identity of the Platypus flash loan attacker.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information presented here should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the entire amount invested may be lost. The services or products offered are not directed or accessible to investors in Spain.