The value of the altcoin project fell as a result of an attack on the decentralized protocol Platypus. Here are the details…
$8.5 million withdrawn from altcoin project
A potential suspect was identified in the $8.5 million attack on decentralized finance protocol Platypus and $8.5 million was withdrawn from the protocol. Blockchain security firm CertiK first reported the sudden credit attack on the Avalanche-based exchange platform via a tweet on February 16 alongside the contract address of the alleged attacker.
According to CertiK, about $8.5 million has already been moved. As a result, Platypus’ stablecoin, which should be pegged at $1, fell 52.2 percent to $0.478 at the time of writing. Platypus later confirmed the hack on Twitter, while a moderator of Platypus’ Telegram group confirmed that Platypus had stopped trading.
The attacker used a flash loan to exploit a logic error in the USP solvency control mechanism in the contract holding the collateral.
https://twitter.com/CertiKAlert/status/1626318821840629763
Aave at the center of flash credit attack
The default attack was carried out via a flash credit exploit, where an attacker took a massive loan and placed it in the same block, squeezing transactions using capital to exploit other protocols in between. The Platypus exchange functionality on the network has been disabled since the attack. The alleged attacker appears to have taken a $44 million flash loan from Aave V3, and in turn minted about $41 million in Platypus tokens.
Later, the attacker cashed about $8.5 million in other stablecoins and paid back the flash loan. All of these actions took place in the same transaction block, according to data from ten chains. Platypus confirmed it had lost “8.5 million” from its main pool and said it had covered 85 percent of its deposits. Other pools were not affected. The company contacted the hacker to negotiate a reward for the return of the funds. Tether Holdings froze stolen USDT and Platypus reached out to Circle and Binance to freeze other stolen tokens.
Flash loan attack looks like Mango Markets incident
A tweet from crypto “on-chain analyst” ZachXBT called for a now-deleted Twitter account managed by @retlqw, claiming that addresses identified by Platypus are linked to the account. ZachXBT said, “I’ve traced the addresses from the @Platypusdefi exploit to your account and have been in contact with their team and exchange. “We would like to discuss the return of funds before contacting law enforcement,” he said. Platypus’ official Twitter account also retweeted the message from ZachXBT.
Hi @retlqw since you deactivated your account after I messaged you.
I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
We’d like to negotiate returning of the funds before we engage with law enforcement. pic.twitter.com/oJdAc9IIkD
— ZachXBT (@zachxbt) February 17, 2023
The attack is the same method Avi Eisenberg used in October when Mango Markets allegedly manipulated the price of the MNGO coin. Shortly after the exploit, Eisenberg said he believed “all our actions were legitimate open market actions using the protocol as designed.” As we reported as Kriptokoin.com, Eisenberg was arrested on 28 December on fraud charges.
29360
