Platypus DeFi faces flash loan attack, according to CertiK
The market maker is used to swap stable coins on the Avalanche blockchain; it has a total locked value of $46 million, according to DefiLlama.
Blockchain security firm CertiK has reported a flash loan attack on Avalanche-based stable swap platform Platypus DeFi. The blockchain security firm posted the news in a tweet, alongside the alleged attacker’s contract address.
According to CertiK, nearly $8.5 million has been already been moved. As a result, the Platypus USD stablecoin became depegged from the U.S. dollar and dropped 52.2% to $0.478 at the time of writing.
We are seeing a #flashloan attack on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
— CertiK Alert (@CertiKAlert) February 16, 2023
A moderator of Platypus’ Telegram feed said it had halted trading, Platypus confirmed the hack on Twitter at 12:16 UTC. It explained:
“The attacker used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
Platypus confirmed a loss of “8.5 million” from its main pool and said that deposits were covered at 85%. Other pools were unaffected. The company had contacted the hacker to negotiate a bounty for the return of the funds. Tether has frozen the USDT stolen, and they had reached Circle and BUSD to freeze the fund.
Dear Community,
We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.— Platypus (++) (@Platypusdefi) February 17, 2023
A flash attack is the same method used by Avi Eisenberg when he allegedly manipulated the price of Mango Markets’ MNGO coin in October. Eisenberg said shortly after the exploit that he believed “all of our actions were legal open market actions, using the protocol as designed.” Eisenberg was arrested on fraud charges on Dec. 28.
This is developing story and more information will be added as it becomes available.