A potential suspect has been identified in the attack on decentralized finance protocol Platypus, which saw $8.5 million drained from the protocol.
Blockchain security firm CertiK first reported the flash loan attack on the Avalanche-based stable swap platform in a tweet on Feb. 16, alongside the alleged attacker’s contract address.
According to CertiK, nearly $8.5 million has already been moved. As a result, the Platypus USD stablecoin became de-pegged from the U.S. dollar, dropping 52.2% to $0.478 at the time of writing.
We are seeing a #flashloan attack on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
— CertiK Alert (@CertiKAlert) February 16, 2023
Platypus later confirmed the hack on Twitter, while a moderator of Platypus’ Telegram group confirmed that Platypus has halted trading.
“The attacker used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
Platypus confirmed a loss of “8.5 million” from its main pool and said that deposits were covered at 85%. Other pools were unaffected. The company has contacted the hacker to negotiate a bounty for the return of the funds.
Tether Holdings has frozen the stolen USDT, and Platypus has reached out to Circle and Binance to freeze other stolen tokens.
We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.
— Platypus (++) (@Platypusdefi) February 17, 2023
A tweet from crypto “on-chain sleuth” ZachXBT has called out a now-deleted Twitter account going by @retlqw, alleging that the addresses identified by Platypus are linked to the account.
“I’ve traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges. We’d like to negotiate returning of the funds before we engage with law enforcement,” said ZachXBT.
Platypus’ official Twitter account has also retweeted the message from ZachXBT.
Hi @retlqw since you deactivated your account after I messaged you.
I’ve traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.
We’d like to negotiate returning of the funds before we engage with law enforcement. pic.twitter.com/oJdAc9IIkD
— ZachXBT (@zachxbt) February 17, 2023
A flash attack is the same method used by Avi Eisenberg when he allegedly manipulated the price of Mango Markets’ MNGO coin in October. Eisenberg said shortly after the exploit that he believed “all of our actions were legal open market actions, using the protocol as designed.” Eisenberg was arrested on fraud charges on Dec. 28.
Update Feb. 17, 4:53 am UTC: Added a tweet from ZachXBT relating to the possible identity of the Platypus flash loan attacker.