Authorities have apprehended two individuals alleged to be responsible for the exploit of one of the most popular and important DeFi protocols, Platypus. France’s police department posted the news on their official Twitter account, confirming that the suspects have been detained.
Platypus Was Able to Recover Only 1/3 of the $9 Million Stolen
After the $9 million in assets were reported stolen, Platypus proudly announced that they had successfully recovered 2.4 million USDC and 687,000 BUSD; furthermore, it was established that 1.5 million USDT had been frozen through collaboration with Tether. Additionally, French police seized around a total of 220 thousand U.S dollars worth of crypto during the arrest process – all three being stablecoins meant to imitate real-world fiat currencies such as the United States Dollar (USDT), USDC, and BUSD).
USP, a stablecoin pegged to the USD and backed by Platypus, is currently trading for 32 cents, according to CoinGecko. As an automated market maker (AMM) on Avalanche blockchain with $39.2 million in total value locked (TVL), however, this TVL has dropped from its March high of $1.2 billion, as reported by DeFiLlama. The team behind USP expressed their appreciation for Binance and ZachXBT, who aided in uncovering the identity of the exploiter via tweet.
Platy pus Was Exploited Using the Flash Loan Feature
The system of attack against Platypus is strikingly similar to the structure used in a flash loan operation that exploited Mango Markets last year. Flash loans are not fundamentally wrong, they were first conceived as tools for traders searching for arbitrage openings.
The exploiter capitalized on a logic error within USP’s smart contracts, which constantly verifies solvency. According to CoinDesk’s report, the rogue borrowed crypto from Aave and added it as liquidity into Platypus’ trading pool; consequently, the computer protocols released LP-USDC tokens that were then placed in a staking agreement on this protocol. Subsequently, they obtained USP stablecoins against their LP roles and transferred them all over to Aave for refunding their flash loan.
On February 24th, Platypus declared that it plans to reimburse at least 63% of the funds stolen from its protocol last week. Although French authorities have yet to name the suspects or their charges, they are currently investigating the case.
You may be interested in: White Hats Help Oasis Recover $140 Million That Was Stolen Through The Wormhole Attack
