Platypus to work on compensation plan after $8.5M attack

Decentralized finance (DeFi) company Platypus is working on a compensation plan for user losses after a flash loan attack drained nearly $8.5 million from the protocol, affecting its stablecoin's peg to the US dollar.

In a February 18 tweet, Platypus revealed that it was working on a plan to compensate for the damages and asked users not to realize their losses in the protocol, saying this would make it more difficult for the company to handle the issue. The asset divestment is also on pause, the protocol said.

According to the firm, several parties are currently involved in the process of recovering the funds, including law enforcement officials. More details about the next steps will be released soon, Platypus said.

Part of the funds is blocked in the Aave protocol. Platypus is exploring a method to potentially recover the funds, which would require approval of a recovery proposal in Aave's governance forum.

Blockchain security company CertiK first reported the flash loan attack on the platform in a February 16 tweet, along with the contract address of the alleged attacker. Nearly $8.5 million was moved from the protocol, and as a result, the Platypus USD stablecoin was de-pegged from the US dollar, falling to $0.33 at the time of writing.

Platypus USD (USP) price chart - 7 days. Source: CoinGecko

"The attacker used a flash loan to exploit a logical error in USP's credit check mechanism in the contract holding the guarantee," the company said. A possible suspect has been identified.

A post-mortem technical analysis carried out by the auditing company Omniscia revealed that the attack was made possible by code that was incorrectly placed after the audit. Omniscia audited a version of the MasterPlatypusV1 contract from November 21 to December 5, 2021. However, the version "contained no integration points with an external system platypusTreasure" and therefore did not contain the incorrectly placed lines of code.

A flash loan attack exploits the security of a platform's smart contract to borrow large amounts of money without collateral. Once a cryptocurrency asset has been manipulated on one exchange, it is quickly sold on another, allowing the exploiter to profit from the price manipulation.