Platypus Finance, a decentralized finance (DeFi) protocol for stablecoins, yesterday announced that french authorities had arrested and summoned two suspects who had reportedly exploited their platform earlier.
Platypus thanked the France National Police, Binance, and ZackXBT for helping identify and track the suspects.
The three-stage hack
The hack occurred in three stages, Platypus explained in a blog post. The first stage was the most severe, with $8.5m in stablecoins such as Tether’s USDT, Circle’s USDC, Maker’s DAI, and Binance’s BUSD being drained from the DeFi protocol’s main pool.
With assistance from the blockchain security company, BlockSec, following the hack, Platypus recovered $2.4m of the stolen USDC stablecoins. In addition, Tether froze $1.5m in stolen USDT.
The second attack accidentally transferred $380,000 worth of stablecoins to the popular lending protocol Aave. Platypus reached out to Aave’s governance forum to release those assets.
During the third and final attack, the hacker stole $287,000 worth of unrecoverable assets as they moved them through the crypto mixer Tornado Cash and the encryption service Aztec Network.
According to Platypus, they had $1.4m in treasury reserves but hadn’t used them to pay the hacking victims anything. But, they might have to spend treasury funds if the protocol could not recover more assets over the subsequent six months.
If Tether could assist with defrosting the frozen, 78% of the users’ monies would be recovered thanks to USDT and Aave’s approval of the recovery request. The following week, Platypus announced they would revive the stablecoin swap protocol sans the depegged stablecoin, USP.
Platypus to compensate victims
On Feb. 23, the DeFi platform laid out a compensation plan, saying it would repay a minimum of 63% of the funds to users affected by the recent exploit.
Hackers drained more than $9m from the protocol last week. Platypus worked with crypto exchange Binance to confirm the exploiter’s identity. The hacker was using a Binance account that had gone through KYC checks for a withdrawal request. Platypus stated they had contacted law enforcement and filed a complaint in France.
During the hack, the hacker exploited a bug in the platform’s solvency check mechanism, stealing $9.2m of digital assets and causing the platform’s native stablecoin USP to lose the dollar peg.
While the recovery process is ongoing, Platypus Finance remains committed to providing its users with a secure and reliable platform for their financial needs.