Platypus Finance hacked for $9M on Avalanche
Platypus Finance hacked for $9M on Avalanche
According to a series of tweets from blockchain security firm Certik, DeFi app Platypus has been hit with a $9 million attack.
Cover/illustration via Cryptooshala
DeFi app Platypus Finance has been hit with a $9 million attack, according to a series of tweets from blockchain security company CertiK on Feb. 16.
This report states that attacking used flash loans on the Avalanche (AVAX) blockchain to use a feature in one of Platypus’ smart contracts.
The attacker invested $44 million worth of stablecoins in the app. With the assets obtained, the attacker could issue the same amount of Platypus USP stablecoins (41.79 million USP). The attacker then used the emergency withdrawal feature to gain access to the $44 million initial deposit and minted USP. Finally, the attacker traded the USP for other assets before repaying the loan.
The final difference and estimated loss for Platypus was $9 million. It is reported that most of the stolen funds remain in the attacker’s contract address, although some of them were sent to certain pools. Presumably, part of this amount can be returned or recovered.
Platypus confirmed the flash loan attack in a message on Telegram and Discord. They wrote that they are evaluating the situation and will suspend work.
This line of attack is not unique to Platypus. Several other DeFi platforms have fallen victim to instant loans in recent months, including Mango Markets in October, New Free DAO in September, Nirvana Finance last July, and Deus DAO last April.
Update: As of February 18, Platypus has recovered $2.4 million from the attack.
SEC vs. Paxos: A Deep Dive into the Aftermath of the Litigation and Its Impact on Stablecoins
The SEC’s notice to Paxos to stop issuing BUSD could have long-term implications for the crypto market. A new Cryptooshala report explores the recent and potential impact of enforcement action against Paxos.
Credit : cryptoslate.com
