DeFi Protocol Platypus to Repay at Least 63% of User Funds After $9M Hack
The Avalanche-based protocol worked with crypto exchange Binance to identify the exploiter responsible for last week's attack.
The protocol also worked with crypto exchange Binance to confirm the exploiter’s identity. The hacker used a Binance account that went through know-your-customer checks for a withdrawal request. Platypus said it contacted law enforcement and filed a complaint in France.
The Platypus hack last week exploited a bug in the platform’s solvency check mechanism to steal $9.2 million of digital assets, leading to its native stablecoin USP yo lose its dollar peg.
The exploit consisted of three consecutive attacks, the post explained. The first and most severe drained a total of $8.5 million in stablecoins, including Circle’s USDC, Tether’s USDT, Maker’s DAI and Paxos’ binance USD from the protocol’s main pool.
The protocol recovered $2.4 million of stolen USDC stablecoins with the help of blockchain security firm BlockSec. Additionally, Tether froze $1.5 million of stolen USDT, according to the post.
The second attack mistakenly transferred $380,000 of stablecoins to lending protocol Aave. Platypus has submitted a proposal to Aave’s governance forum for the release of those assets.
Some $287,000 worth of assets were stolen in the third attack. The protocol considered the funds unrecoverable and lost, as the exploiter ran the stolen assets through crypto mixer Tornado Cash and encryption service Aztec Network, according to the post.
In the blog post, the protocol said it hadn't used its $1.4 million treasury to compensate victims of the hack, but might do so over the next six months if Platypus cannot recover more assets.
“This compensation plan ensures that a minimum of 63% of the funds will be distributed to users, regardless of any further update on fund recovery,” the Platypus post said.
If Tether agrees to remint the frozen USDT to Platypus and Aave approves the recovery proposal, then 78% of user funds will be recovered.
Platypus said it aims to restart the stablecoin swap protocol next week, without its depegged stablecoin, USP.
The Platypus exploit is the latest example of crypto’s rampant problem with hackers. Last year, hackers stole $3.8 billion in crypto assets, primarily from DeFi platforms such as Platypus, according to a report by blockchain security firm Chainalysis.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.