The DeFi application, Platypus Finance was the target of a $9 million attack according to the blockchain security firm CertiK.
According to the report, a hacker took advantage of a feature in one of Platypus’ smart contracts by using flash loans on the Avalanche (AVAX) blockchain.
Stablecoins worth $44 million were added to the application by the attacker. The attacker may mint a comparable number of Platypus’ USP stablecoins with the assets they took (41.79 million USP).
The attacker then gained access to the first $44 million deposit and the newly created USP by abusing an emergency withdrawal feature. Before repaying the money, the attacker finally exchanged the USP for other assets.
The total discrepancy, together with Platypus’ anticipated loss, was $9 million. Although part of the stolen money has apparently been moved to certain pools, the majority reportedly still resides at the attacker’s contract address.
Such money can probably be repaid or recovered in part. The flash loan assault was confirmed by Platypus in a message posted on Telegram and Discord. It stated that it will suspend operations while it assesses the situation.
This strategy is not exclusive to Platypus. Flash loans have recently been used to attack a number of additional DeFi platforms, including Mango Markets in October, New Free DAO in September, Nirvana Finance in July, and Deus DAO in April.
