Platypus is developing a compensation plan for customers losses as a flash loan attack drained over $8.5 million.
In a tweet on February 18, Platypus requested users not to realize their losses in the protocol because doing so would make it more difficult for the company to handle the situation. The company said it was working on a plan to compensate the damages. The protocol stated that asset liquidations are also suspended:
The firm claims that numerous parties, including law enforcement authorities, are presently involved in the effort to retrieve the funds. Platypus stated that more information regarding the following measures will be made public soon.
The Aave protocol has locked up a portion of the cash. The possibility of recovering the monies is being investigated by Platypus; however, doing so would necessitate the governing forum of Aave approving a recovery plan.
On February 16, the blockchain security company CertiK tweeted about the platform’s flash loan attack for the first time, along with the contract address of the alleged attacker.
The Platypus USD (USP) stablecoin depegged from the U.S. dollar as a result of the over $8.5 million that was removed from the protocol, falling to $0.33 at the time of writing.
The contract holding the collateral contained a logic flaw in the USP solvency check process, which was exploited by the attacker using a flash loan, according to the business. There is a possible suspect in the picture.
The attack was made possible by improperly positioned code, according to a technical post-mortem examination carried out by auditing firm Omniscia after it was audited.
From November 21 to December 5, 2021, Omniscia audited a particular iteration of the MasterPlatypusV1 contract. But, the version “had no integration points with an external platypusTreasure system” and, as a result, did not have the erroneous line breaks.
The flash loan assault makes use of a platform’s smart contract security to get massive unsecured loans. A bitcoin asset that has had its price manipulated on one exchange is promptly sold on another, allowing the manipulator to make money.
