DeFi Platform Hacked for $9 Million
On Feb. 16, CertiK, a blockchain security firm, posted a series of tweets reporting that Platypus Finance, a DeFi application, had been hit with a $9 million attack.
The attacker used flash loans on the AVAX blockchain to exploit a function in one of Platypus’ smart contracts. By depositing $44 million in stablecoins into the application, the attacker was able to mint around 41.79 million USP, which is Platypus’ stablecoin.
Then, the attacker took advantage of an emergency withdrawal function to access the original deposit and the minted USP, eventually swapping the USP for other assets and repaying the loan. The attack left Platypus with a loss of $9 million.
While most of the stolen funds are still in the attacker’s contract address, some have been sent to certain pools, and some of that amount may be recoverable. This is not the first time that flash loans have been used to target DeFi platforms.
Other examples include attacks on Mango Markets, New Free DAO, Nirvana Finance, and Deus DAO. Platypus confirmed the attack in a message on Telegram and Discord, saying it would pause operations while it assesses the situation.