Platypus Finance recovers 90% of stolen assets after security breach
- The retrieval was facilitated by the hacker’s voluntary return of the stolen assets.
- Hacked exchanges have been lately reverting to striking a deal with the hackers instead of turning to law enforcement.
Platypus Finance, a decentralized finance (DeFi) protocol, has reclaimed 90% of the assets that were pilfered during a security breach in the prior week. The platform managed to limit its net loss to 18,000 Avalanche [AVAX] tokens, equivalent to $167,400 at the time of this announcement.
This impressive retrieval was facilitated by the hacker’s voluntary return of the stolen assets. In a noteworthy move, Platypus Finance declared its decision to not pursue any legal action against the hacker.
This may be interpreted to be in light of the returned funds. Moreover, the protocol hinted at forthcoming withdrawal information, reassuring users about the status of their assets.
The security breach unfolded on 12 October. It began when the automated market maker operating on the Avalanche blockchain was subjected to three separate flash loan attacks. These malicious attacks siphoned a substantial $2.23 million from the protocol, marking a significant loss.
Interestingly, the project had previously secured $3.3 million in funding through a round led by the now-defunct cryptocurrency hedge fund Three Arrows Capital in 2021.
DeFi Protocol bounces back with hacker’s return of funds
Following this latest attack, Platypus Finance swiftly acted by suspending all liquidity pools and launching a comprehensive security audit.
Flash loan attacks typically exploit vulnerabilities that enable hackers to borrow cryptocurrencies instantly, often without providing the requisite collateral. Subsequently, the hacker absconds with the borrowed assets, leaving the burden of bad debt on users or the protocol’s treasury to shoulder.
Remarkably, this incident was not an isolated case, as it marked the third attack against Platypus this year. In July, the protocol experienced another flash loan attack that drained $157,000.
The preceding attack in February was significantly more damaging, with the DeFi protocol falling victim to an $8.5 million exploit.
In the aftermath of the February attack, Platypus Finance laid out a recovery plan. It vowed to return a minimum of 63% of the assets lost to users.
Hacker negotiations on the rise
Hacked exchanges are now lately reverting to striking a deal with the hackers instead of turning to law enforcement. Huobi Global’s crypto exchange recovered $8 million in stolen Ethereum [ETH] after negotiations with the hacker.
Justin Sun, an HTX adviser, announced the successful recovery. He also stated the hacker’s acceptance of a “white hat bonus” of 250 ETH for returning the funds. The incident was reported on 25 September, with Huobi offering the hacker a reward to incentivize the return of the stolen ETH.
In many cases, agreements are reached where a significant portion of the funds is returned, and a bounty is paid to the hacker as part of the resolution.
Crypto exchanges have been frequent targets for hackers, but the types of exchanges targeted have varied. A report by Immunefi in July 2023 revealed a 63% increase in blockchain hacks in the second quarter of the year compared to the same period in the previous year.