Platypus reveals compensation plan for users' funds after attack

Published at: Feb. 23, 2023

Decentralized finance (DeFi) protocol Platypus disclosed details of a recent $9.1 million exploit, alongside efforts to recover the funds, and a compensation plan for victims.

In a Medium post on Feb. 23, the company revealed that a logic error in the USP solvency check mechanism within the collateral-holding contract was responsible for the three separate attacks carried out by the same exploiter. Stableswap's operations have not been affected, said Platypus.

Since the attack, we've been working with security experts & stakeholders to recover lost funds, trace the hacker, and explore potential solutions to retrieve trapped funds.Here's an update on the progress made thus far Check our medium for more infohttps://t.co/VoNYl9MAtd

— Platypus (++) (@Platypusdefi) February 23, 2023

Several stablecoins and other assets were stolen in the attacks. Approximately $8.5 million in assets were stolen in the first attack. In the second incident, roughly 380,000 assets were mistakenly sent to the Aave v3 contract. The third attack resulted in the theft of approximately $287,000 in assets.

Platypus' recovery plan wil return at least 63% of the main pool funds. Following the attack, nearly 35.4% of the funds remained in the pool, and 2.4 million USD Coin (USDC), or 17.7% of pre-attack assets, had been recovered. Another 1.4 million (10.4% of pre-attack assets) in treasury will also be used to compensate LP's losses within six months if the stolen funds are not recovered. The company stated:

"We are currently discussing with various parties to help recreate stablecoins that were trapped in the attack contract. Once any stablecoins are retrieved, we will distribute the reminted tokens to LPs on a pro-rata basis."

Platypus is also working with the Aave protocol to recover locked assets worth around $380,000. A proposal seeking to retrieve the funds will be voted on Aave's governance forum. "Once the proposal is approved, we will partner with the Aave team to create a recovery contract that will transfer the exploited funds from the Aave pool to Platypus’ contract." The company also noted:

" [...] if our proposal submitted to Aave is approved and Tether confirms reminting the frozen USDT, we will be able to recover approximately 78% of user’s funds."

Blockchain security firm CertiK first reported the flash loan attack on the platform through a tweet on Feb.16. Flash loan attacks violate the smart contract security of a platform to borrow large amounts of money without collateral. The attack resulted in the depegged of Platypus USD (USP) stablecoin from the U.S. dollar, dropping to near $0.32 at the time of writing, according to CoinGecko. 

Tags
Related Posts
Poly Network hacker returns nearly all funds, refuses $500K white hat bounty
The hacker behind a $610 million attack on the cross-chain decentralized finance (DeFi) protocol Poly Network has returned almost all of the stolen funds amid the project saying their actions constituted “white hat behavior.” According to a Thursday update on the attack from Poly Network, all of the $610 million in funds taken in an exploit that used "a vulnerability between contract calls” have now been transferred to a multisig wallet controlled by the project and the hacker. The only remaining tokens are the roughly $33 million in Tether (USDT), which were frozen immediately following news of the attack. The …
Business / Aug. 12, 2021
The aftermath of Axie Infinity’s $650M Ronin Bridge hack
In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game: There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022 The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator …
Blockchain / April 12, 2022
Web3 is the solution to Uber’s problem with hackers
Uber is a staple of the gig economy, for better or worse, and a disruptor that once sent shockwaves throughout the mobility space. Now, however, Uber is being taken for a ride. The company is handling a reportedly far-reaching cybersecurity breach. According to the ride-hailing giant, the attacker has not been able to access sensitive user data, or at least, there is no evidence to suggest otherwise. Whether or not sensitive user data was exposed, this case points to a persistent issue with today’s apps. Can we continue to sacrifice our data — and thereby our privacy and security — …
Defi / Oct. 1, 2022
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023