Global News

France arrests a duo involved in Platypus attack, details inside

Published

on

Source: Unsplash

  • French police have arrested two people in connection with an attack on the decentralized finance (DeFi) protocol Platypus.
  • Platypus stated that it has recovered 2.4 million USDC and 687,000 BUSD out of the $9 million in stolen assets.

According to a Twitter statement from France’s police department, two people have been arrested in connection with an attack on the decentralized finance (DeFi) protocol Platypus.

Platypus stated in a blog that it has recovered 2.4 million USDC and 687,000 BUSD out of the $9 million in stolen assets and that it has also worked with Tether to freeze 1.5 million USDT.

As part of the arrest, French police seized approximately $220,000 in cryptocurrency. USDC, USDT, and BUSD are all stablecoins designed to mirror the value of fiat currencies such as the U.S. dollar.

Platypus is an Avalanche blockchain-based automated market maker (AMM) focused on stablecoins. Platypus has a total value locked (TVL) of $39.5 million, according to DeFiLlama. Its TVL has dropped significantly from a high of $1.2 billion in March 2022.

The Platypus team thanked Binance and ZachXBT in a tweet for their assistance in determining the identity of the attacker.

Flash Loan used to attack Platypus

The attack against Platypus used a flash loan and was similar to the attack structure used against Mango Markets late last year. Flash loans aren’t inherently bad; they were designed to be a tool for traders looking for arbitrage opportunities.

This attack exploited a logic flaw in USP’s smart contracts, which are constantly checked for solvency. The attacker used borrowed crypto from Aave to provide liquidity to a Platypus trading pool.

The smart contracts then created a liquidity provider token, LP-USDC, and placed it in a protocol staking contract. They then borrowed USP stablecoins against their LP positions and repaid the flash loan by withdrawing everything to Aave.

Platypus earlier announced that it intends to return at least 63% of funds to users after recovering a portion of the $9 million drained from the protocol last week.