By George Ward
According to a statement by the French police department, two people have been taken into custody for their role in the attack on the Platypus decentralized financial (DeFi) protocol. Meanwhile, the Platypus Protocol team successfully recovered some of the stolen assets.
Out of the nine million dollars’ worth of stolen assets, it was able to retrieve 2.4 million USDC in addition to 687,000 BUSD. Platypus has disclosed that they are collaborating with Tether to halt the transfer of about 1.5 million USDT.
The French police agency recovered a significant amount of cryptocurrencies valued at around $221,000, a portion of the stolen asset.
Platypus has a total value locked (TVL) of $39.2 million, as reported by the on-chain data platform DeFiLlama (TVL). Since reaching a peak of $1.2 billion in March of 2022, the TVL of the protocol’s native token has been dramatically declining.
The team responsible for the protocol expressed gratitude to ZachXBT and Binance for their contributions to the investigation into the hacker’s identity.
The Flash Loan Attack On Platypus
A flash loan in the attack launched against Platypus is structurally comparable to the attack against Mango Markets about two months ago. Flash loans aren’t fundamentally unethical because they were designed from the beginning to be utilized as a tool for traders searching for hedging possibilities.
This attack took advantage of a flaw in USP’s smart contracts, which automatically check for the security strength of the network at set times. News outlets report that the attacker used cryptocurrency that they had bought from Aave to make a trading pool on Platypus more liquid.
After that, the smart contracts made a token called LP-USDC for the liquidity provider and put it in a staking contract that was part of the protocol. This enabled them to take out loans against their LP positions in the form of USP stablecoins and withdraw all of their funds to Aave to settle the flash loan.
Platypus expects to return at least 63% of users’ assets. This comes after the company retrieved a portion of the $9 million earlier stolen from the protocol.