Reserved IP Address°C
04-26-2025
BSV
$42.66
Vol 426.49m
18.83%
BTC
$94356
Vol 34034.62m
0.76%
BCH
$362.82
Vol 318.64m
-0.82%
LTC
$86.83
Vol 385.55m
2.39%
DOGE
$0.18
Vol 2077.63m
0.87%
Getting your Trinity Audio player ready...

French police have arrested suspects alleged to have stolen over $8 million from the decentralized finance (DeFi) platform Platypus Finance.

The hackers attacked Platypus on February 17, exploiting a flaw in a key pricing mechanism of the DeFi platform. They took off with $8.5 million in the first attack, $380,000 in the second, and $287,000 in the third. Inadvertently, the hacker sent the proceeds of the second attack to Aave, a lending protocol.

The two hackers have now been arrested in France, authorities confirmed.

Following the attack, the price of USP, the Platypus network’s “over-collateralized” stablecoin, depegged, shedding half its value in hours. At press time, USP is trading at 32 cents.

The attack on Platypus was based on an exploitation of a flaw in the platform’s USP solvency check mechanism. The hackers tricked the platform’s smart contracts to indicate that their USP was fully collateralized.

As blockchain analysis revealed, the hackers relied on a flash loan to execute the attack. This is a loan advanced without collateral that must be paid within the same transaction. While they aren’t inherently bad, they have been exploited by several hackers to manipulate prices on DeFi platforms and steal millions of dollars.

In the Platypus case, the attackers borrowed $44 million in a flash loan from Aave. They then supplied liquidity to one of the Platypus liquidity pools, minted 41 million USP, and initiated an emergency withdrawal of $44 million. The Platypus smart contracts could not detect the error and retract the 41 million USP. The hackers then exchanged the USP for $8.5 million in USDC, DAI, USDT, and Binance USD.

Since the hack, Platypus has recovered $2.4 million worth of USDC. Tether also froze $1.5 million of the stolen USDT. Some assets were unrecoverable as they were channeled through Tornado Cash, the infamous Ethereum-based digital assets mixer.

Blockchain sleuths were able to track the stolen assets and pinned down the hacker.

Watch: Law & Order Regulatory Compliance for Blockchain & Digital Assets

Recommended for you

Binance shores up compliance gaps in South Africa
Binance said that users must now provide the details of senders and beneficiaries when depositing or withdrawing tokens amid rising...
April 25, 2025
Bitails stress tests BSV with 3B UTXOs—how robust is it?
The tests, which began just over a week ago, are designed to validate upgrades to Bitails' infrastructure and codebase, as...
April 25, 2025
Advertisement
Advertisement
Advertisement