Key Takeaways:
- CertiK, a blockchain security firm, discovered a flash loan invasion on Platypus DeFi, an Avalanche-based stableswap platform.
- The abrupt loss of more than 52% in Platypus USD is supported by on-chain data and a flash loan attack.
In a flash loan attack, the Platypus DeFi protocol, which is AVAX-based, was hacked for almost $8.5 million.
Web3 security company Certik Alert posted the first tweet about the exploit. On its Twitter account, Platypus acknowledged the upsetting occurrence and stated that it had contacted the hacker to discuss a settlement.
Platypus also stated that it was working with companies like Binance, Tether, and Circle to get the malicious performer’s funds frozen in order to stop additional damage. According to the protocol, hackers exploited a flash loan to take advantage of a flaw in the USP solvency check system in the contract including the collateral.
Simply put, a flash loan is a crypto loan that is obtained and returned in the same transaction. However, this facility drew nefarious operators who would take out big loans and utilise the money to influence the market to their advantage.
DeFi Protocol dForce had a $3.6 million exploit last week as a result of a flash loan attack. By manipulating the price of wrapped staked ETH in the Curve vault, the attacker in this case was able to liquidate many flash loan positions using the wstETHCRV-gauge as collateral (wstETHCRV-gauge).
Platypus acknowledged a “8.5 million” loss from its primary pool but stated that deposits were covered to an extent of 85%. The other pools weren’t impacted. The protocol has gotten in touch with the hacker to discuss a reward for the money’s recovery.
According to Coingecko, the attack caused a 52.3% drop in the price of Platypus USD (USP), which is now trading at roughly $0.476800 as opposed to $1 per USP.
According to ZachXBT, a “On-chain sleuth,” the address revealed by the Avalanche-based Platypus protocol is connected to the Twitter handle “retlqw.” The Twitter account has now been terminated, though.