Platypus, a decentralized finance (DeFi) protocol, has suffered an attack in which nearly $8.5 million was drained from its platform. The attack was reported by CertiK, a blockchain security firm, which shared the alleged attacker’s contract address. The firm claimed that the attacker used a flash loan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral. As a result of the attack, the Platypus USD stablecoin has become de-pegged from the US dollar, dropping 52.2% to $0.478 at the time of writing.
The DeFi platform has confirmed the attack and reported a loss of “$8.5 million” from its main pool, while the company has halted trading on its platform. The deposits were covered at 85%, and the other pools were unaffected. Platypus is currently in negotiations with the hacker to return the funds in exchange for a bounty. Additionally, Tether Holdings has frozen the USDT stolen, and Platypus has reached out to Circle and Binance to freeze other stolen tokens.
According to a tweet from crypto “on-chain sleuth” ZachXBT, the addresses identified by Platypus are linked to a now-deleted Twitter account going by @retlqw. ZachXBT said that he had traced addresses back to the account and was in touch with Platypus’ team and exchanges to negotiate the return of the funds before engaging with law enforcement. Platypus’ official Twitter account retweeted the message from ZachXBT.
This is not the first time that a flash attack has been used to exploit a DeFi protocol. In October, Avi Eisenberg allegedly manipulated the price of Mango Markets’ MNGO coin using the same method. Eisenberg was arrested on fraud charges in December, and he claimed shortly after the exploit that he believed “all of our actions were legal open market actions, using the protocol as designed.”
It highlights the security risks associated with DeFi protocols and the need for additional security measures. Many DeFi protocols are still in the early stages of development and are more vulnerable to attacks. However, the growing popularity of DeFi protocols also presents an opportunity for the development of new security measures to mitigate these risks.
The Platypus attack has resulted in a significant loss of funds and has exposed the security vulnerabilities associated with DeFi protocols. The negotiations with the hacker to return the funds remain ongoing, and it is unclear whether the funds will be fully recovered. The incident is a reminder to investors and developers to be cautious and implement additional security measures to mitigate risks.