Platypus Finance, a decentralized finance (DeFi) protocol for stablecoins, announced yesterday that French authorities have arrested and summoned two suspects who have reportedly exploited its platform before.
Platypus thanked the French National Police, Binance, and ZackXBT for helping to identify and track down the suspects.
The three stage trick
The hack occurred in three stages, Platypus explained in a blog post. The first stage was the most severe, with $8.5 million worth of stablecoins like Tether’s USDT, Circle’s USDC, Maker’s DAI, and Binance’s BUSD being drained from the DeFi protocol’s main pool.
With the help of blockchain security firm BlockSec, Platypus recovered $2.4 million of stolen USDC stablecoins after the attack. Additionally, Tether froze $1.5 million in stolen USDT.
The second attack accidentally transferred $380,000 worth of stablecoins to the popular Aave lending protocol. Platypus approached the Aave government forum to release those assets.
During the third and final attack, the hacker stole $287,000 in irrecoverable assets while moving them through the Tornado Cash crypto mixer and the Aztec Network encryption service.
According to Platypus, they had $1.4 million in treasury reserves, but had not used them to pay the hack victims anything. But they may have to spend treasury funds if the protocol can’t recover more assets over the next six months.
If Tether could help unfreeze the frozen, 78% of user money would be recovered thanks to the approval of the recovery request by USDT and Aave. The following week, Platypus announced that they would revive the stablecoin trading protocol without the unpegged stablecoin, USP.
Platypus to compensate victims
On February 23, the DeFi platform submitted a compensation plan, saying it would return a minimum of 63% of funds to users affected by the recent exploit.
Hackers extracted more than $9 million from the protocol last week. Platypus worked with cryptocurrency exchange Binance to confirm the identity of the exploiter. The hacker was using a Binance account that had gone through KYC checks for a withdrawal request. Platypus stated that they had contacted law enforcement and filed a complaint in France.
During the hack, the hacker exploited a bug in the platform’s credit-check mechanism, stole $9.2 million worth of digital assets, and caused the platform’s native USP stablecoin to lose peg to the dollar.
While the recovery process continues, Platypus Finance remains committed to providing its users with a secure and reliable platform for their financial needs.
