DeFi application Platypus Finance was attacked for $9 million, according to a series of tweets from blockchain security firm CertiK on February 16.

According to the report, attacker Avalanche (AVAX) blockchain used flash loans to exploit the power of Platypus smart contracts.

Attackers deposited $44 million in stablecoins into the application. The attacker can use the acquired assets to mint the same amount of his Platypus her USP stablecoin (41.79 million USP). The attackers then exploited the emergency withdrawal feature to access his original $44 million deposit and minted USP. Finally, the attacker traded his USP for other assets before paying off the loan.

The final difference and Platypus’ estimated loss was $9 million. Most of the stolen funds are reported to remain in the attacker’s contracted address, but some have been sent to specific pools. Presumably, some of that amount could be returned or recovered.

Platypus confirmed flash loan attacks in Telegram and Discord messages. We are assessing the situation and wrote that we will suspend operations.

This chain of attacks is not unique to Platypus. Several other DeFi platforms have been targeted for flash loans in recent months, including Mango Markets in October, New Free DAO in September, Nirvana Finance last July and Deus DAO last April.

Update: Platypus has recovered $2.4 million from attacks as of February 18.

The post Platypus Finance hacked $9 million in Avalanche first appeared on CryptoSlate.

By Jules

Leave a Reply