A French court took no action against two brothers, Mohammed, and Benamar M, after clearing them of all criminal charges in the $8.5 million theft from the decentralized finance (DeFi) protocol Platypus.
By draining and transferring $8.5 million from Platypus via a flash loan attack on February 16, hackers compelled the protocol to suspend trading services pending the resolution of the issue.
Preliminary inquiries identified Mohammed M. as the guilty individual, exploiting a code error to execute a complete asset withdrawal via an unsecured loan.
Tracking the stolen funds’ whereabouts ultimately led to Mohammed and his sibling Benamar M., with the assistance of Binance’s security team and independent crypto investigators.
From their indefinite detention on February 24 until their court hearing on October 26, the brothers maintained the guise of “ethical hackers” while acknowledging responsibility for the theft and diversion of the funds. Additionally, the hackers disclosed to the Parisian court that they were willing to reimburse the funds in consideration for ten percent of the loot.
The brothers acquitted themselves of all criminal charges due to the resemblance to an endeavor to obtain a bug bounty. During the exploit, a wallet became entrapped in 7.8 million euros worth of cryptocurrency tokens, rendering them inaccessible.
Amid legal proceedings on the breach, Platypus recently experienced a flash loan exploit-related loss of $2.2 million.
The blockchain security firm CertiK investigation unveiled that the breach on October 12 was executed in three distinct phases, wherein $2.23 million, $575,000, and $450,000 in different cryptocurrencies were stolen in each attack.
On October 17, Platypus successfully recovered 90% of the stolen funds after reaching a compromise with the perpetrator.