DeFi Protocol Platypus Recovers Millions in Stolen USDC After Hack
DeFi protocol Platypus recently suffered a hack, resulting in almost $9.1 million being lost.
However, blockchain security firm BlockSec was able to recover at least 2.4 million USDC and freeze $8.5 million in the contract the funds had been transferred to, and a further $380,000 was accidentally returned when a second exploit attempt sent it back to Aave.
The attacker could only cash out $270,000, as revealed by MetaSleuth, a visualization tool from BlockSec.
BlockSec retrieved the stolen funds by exploiting a loophole in the attacker’s contract: a callback function that approved USDC to the project’s contract, which allowed the USDC to be withdrawn from the attacker’s contract.
Inside the callback function, the attacker had hardcoded the logic to approve USDC to the project’s contract, which is a proxy. This callback function, which was used in the attack, lacked access control.
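The missing access control described above can be shown with a simplified Python model of token allowances. This is an added example, not code from BlockSec, Platypus or the attacker's contract; the class names, addresses, the balance and the trusted_caller check are all assumptions made for illustration.

```python
# Simplified Python model of ERC-20 allowance semantics; all names are hypothetical.
class Token:
    """Minimal ledger: balances plus (owner, spender) allowances."""
    def __init__(self):
        self.balances, self.allowances = {}, {}

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer_from(self, caller, owner, to, amount):
        # The caller may move the owner's tokens only within its allowance.
        if self.allowances.get((owner, caller), 0) < amount:
            raise PermissionError("allowance too low")
        self.allowances[(owner, caller)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class OpenCallbackContract:
    """Holds tokens; its callback never checks who is calling."""
    address = "holder"

    def __init__(self, token, proxy):
        self.token, self.proxy = token, proxy

    def callback(self, caller, amount):
        # Hardcoded approval to the proxy, reachable by any caller.
        self.token.approve(self.address, self.proxy, amount)

class GuardedCallbackContract(OpenCallbackContract):
    """Same logic, but only the expected counterparty may trigger it."""
    def __init__(self, token, proxy, trusted_caller):
        super().__init__(token, proxy)
        self.trusted_caller = trusted_caller

    def callback(self, caller, amount):
        if caller != self.trusted_caller:
            raise PermissionError("unauthorized caller")
        super().callback(caller, amount)

def run(contract_cls, *extra):
    """A third party calls the callback, then the proxy pulls the funds."""
    token = Token()
    token.balances["holder"] = 2_400_000  # constructed sample balance
    contract = contract_cls(token, "proxy", *extra)
    try:
        contract.callback("third_party", 2_400_000)
        token.transfer_from("proxy", "holder", "recovery", 2_400_000)
    except PermissionError:
        pass
    return token.balances.get("recovery", 0), token.balances["holder"]
```

With the open callback the proxy ends up able to move the whole balance; with the caller check the balance stays where it was.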
BlockSec’s successful recovery of the stolen funds demonstrates the importance of blockchain security measures in protecting assets and mitigating losses.