French authorities have reportedly seized around $220,000 worth of cryptocurrency as part of the arrest of the two individuals suspected of being involved in the attack on Platypus. It’s worth noting that USDC, USDT, and BUSD are all stablecoins that are pegged to the value of fiat currencies like the U.S. dollar, with the aim of providing a more stable medium of exchange in the often volatile world of cryptocurrency.
According to a tweet by France’s police department, two individuals suspected of perpetrating an attack on the decentralized finance (DeFi) protocol Platypus have been apprehended.
The decentralized finance (DeFi) protocol that was targeted in the flash loan exploit, it has successfully recovered $2.4 million in USDC and $687,000 in BUSD from the $9 million in assets stolen. Additionally, the platform collaborated with Tether to freeze $1.5 million in USDT, a popular stablecoin that is also designed to track the value of the U.S. dollar.
Platypus AMM on Avalanche with $39M TVL Hit by Flash Loan Attack
Platypus is an automated market maker (AMM) that focuses on stablecoins, and it operates on the Avalanche blockchain. According to DeFiLlama, Platypus currently has a total value locked (TVL) of $39.2 million. This represents a considerable decline from its peak of $1.2 billion in March 2022.
The exploit that was employed against Platypus was a flash loan attack, which shares a similar structure to the attack that was executed against Mango Markets. It’s important to note that flash loans themselves are not inherently malicious, as they were originally intended to serve as a tool for traders seeking to capitalize on arbitrage opportunities.
Logic Error in USP Smart Contracts Exploited in Platypus Flash Loan Attack
The flash loan attack that was carried out against Platypus on the Avalanche blockchain was executed by exploiting a logic error in the smart contracts of the platform’s USP stablecoin, which is specifically designed to ensure solvency. The attacker took advantage of a flaw in the system by borrowing cryptocurrency from Aave and adding liquidity to a trading pool on Platypus. In response, the platform issued a liquidity provider token called LP-USDC.
The attacker then placed the LP-USDC token into a staking contract on the platform and used their LP positions to borrow USP stablecoins before withdrawing all of the funds to Aave to repay the flash loan. It’s worth noting that flash loans were originally created as a tool for traders to identify arbitrage opportunities, but as demonstrated in this instance, they can also be leveraged for malicious purposes.
Platypus $9M Attack Underscores Need for Robust DeFi Security Measures
The attack on Platypus highlights the importance of ensuring the security of smart contracts within DeFi protocols, as vulnerabilities can be exploited to devastating effect. As such, it is vital for platforms to undertake thorough testing of their code, as well as implementing robust security measures to protect user funds.
Last week, Platypus suffered a drain of $9 million in assets as a result of the flash loan exploit. On February 24, the platform declared its intention to reimburse users by at least 63% of their lost funds after successfully recovering a portion of the stolen assets.
