Platypus Finance, a decentralized finance (DeFi) platform for stablecoins, announced a significant payout on Thursday, February 23, 2018, for users affected by the recent exploit.
Hackers extracted over $ 9 million from the protocol the previous week using a severe exploit. After successfully recouping the monies, Platypus promised its customers that it would return at least 63 percent of the funds. To establish the hacker's identity, the DeFi protocol Platypus collaborated with the cryptocurrency exchange Binance.
The hacker made a withdrawal request using a Binance account previously verified by KYC procedures. According to DeFi protocol Platypus, the company has communicated with French law enforcement and lodged a report about the incident.
A security flaw in the solvency check method of Platypus was taken advantage of by the hacker who attacked the platform a week ago. Consequently, the hacker was able to steal digital assets worth a total of $9.2 million, which resulted in the native stablecoin USP of the platform losing its dollar peg.
The Platypus Defi Protocol Attacked Three Times in a Row
Platypus described (1) the exploit as consisting of three separate attacks that occurred one after another. The initial attack was one of the most severe, and it caused a total of $8.5 million worth of stablecoins to be removed from the primary pool of the DeFi protocol.
These stablecoins included Tether's USDT, Circle's USDC, Maker's DAI, and Binance's BUSD.
With blockchain security company BlockSec, the DeFi protocol successfully recovered $2.4 million worth of USDC stablecoins that had been stolen. In addition, Tether froze a total of $1.5 million worth of stolen USDT.
The second hack had accidentally transferred stablecoins worth $380,000 to the widely used Aave protocol. Platypus, the DeFi protocol, communicated with Aave's governance forum to obtain permission to disclose those assets.
The third assault resulted in the theft of assets for $287,000 worth. Because the hacker moved the stolen assets through the cryptocurrency mixer Tornado Cash and the encryption provider Aztec Network, Platypus is forced to consider these monies irretrievable and lost.
Platypus acknowledged in the blog post that it had not drawn from its treasury reserves of $1.4 million to provide restitution to the individuals compromised by the hack. But, if Platypus could not collect any additional assets within the next half year, they might be forced to spend the monies from the treasury.
If Tether can assist in recalling the frozen USDT and Aave approves the recovery request, a total of 78% of the cash belonging to users will be retrieved. The DeFi player mentioned they are considering regaining access to the stablecoin swap protocol the next week but without the debugged stablecoin USP.