Based on the decentralized finance (DeFi) protocol, a variety of parties are now involved in the fund’s recovery process, consisting of legal enforcement officers.
Decentralized finance (DeFi) company Platypus is working on a strategy to help compensate users’ losses after a flash loan attack drained almost $8.5 million from the protocol, impacting its stablecoin dollar peg.
In a February 18 tweet, Platypus announced that it is now working on a plan to compensate most of the damages and directed its users not to realize their losses in the protocol, stating that such a scenario would make it harder for the firm to manage the issue. Assets liquidation is also suspended, according to the protocol:
https://twitter.com/Platypusdefi/status/1626968743623675904
Based on the firm, various parties are now involved in the funds’ recovery process, including legal enforcement officials. More details about the next steps will be revealed soon, as highlighted by Platypus.
Some of the funds are locked up in the Aave protocol. For now, Platypus is exploring a strategy to possibly recover the funds, which would need the approval of a recovery proposal from Aave’s governance forum.
CertiK, a blockchain security company, first reported this flash loan attack on the platform via a tweet on February 16, together with the supposed attacker’s contract address. About $8.5 million was moved from the protocol, and because of the incident, the Platypus USD stablecoin got de-pegged from the US dollar, plunging to $0.33 at the time of publication.
The company stated:
“The attacker used a flash loan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
A possible suspect has already been identified.
An intensive technical post-mortem analysis done by Omniscia auditing firm confirmed that this attack was made possible by incorrectly placed code after it was already audited. Omniscia audited a version of the MasterPlatypusV1 contract between November 21 and December 5, 2021. That version, nonetheless, “contained no integration points with an external platypusTreasure system” and thus did not have the disordered lines of code.
Buy Bitcoin NowThat flash loan attack exploits the smart contract security of a platform to borrow huge amounts of money without needing any collateral. After a crypto asset is manipulated on one exchange, it is rapidly sold on another, enabling the exploiter to profit heavily from the price manipulation.
