French police have arrested two suspects in connection with the $9.1 million Platypus exploit, and 210,000 euros ($222,000) worth of cryptocurrency has been seized, according to the local authorities. 

Investigations leading to the arrests were supported by on-chain sleuth ZachXBT and crypto exchange Binance, Platypus said. The same exploiter compromised the decentralized protocol in three flash loan attacks on Feb. 16.

The attacks resulted in the theft of several stablecoins and other digital assets. The first attack resulted in the theft of approximately $8.5 million in assets. In the second incident, approximately $380,000 in assets were mistakenly sent to the Aave v3 contract. In the third attack, roughly $287,000 was stolen. The attack resulted in the Platypus USD (USP) stablecoin depegging from the United States dollar. 

Perpetrators used a flash loan method to explore a logic error in the USP solvency check mechanism within the collateral-holding, Platypus recently confirmed. The stable swap operations have not been affected.

A flash attack is the same method used by Mango Markets exploiter Avi Eisenberg, who claimed responsibility for manipulating the Mango (MNGO) price in October 2022. After the exploit, Eisenberg said that “all of our actions were legal open market actions, using the protocol as designed.” Eisenberg was arrested in Puerto Rico on fraud charges on Dec. 28.

Platypus announced a plan to return funds to affected users on Feb. 23. According to the protocol, 63% of the main pool funds will be returned within six months. As per the plan, reminting frozen stablecoins could recover 78% of the funds. “If our proposal submitted to Aave is approved and Tether confirms reminting the frozen USDT, we will be able to recover approximately 78% of user’s funds,” noted the protocol.