A potential suspect has been identified over the $8.5 million attack on decentralized finance protocol Platypus, which saw $8.5 million drained from the protocol.
Blockchain security firm CertiK first reported the flash loan attack on the Avalanche-based stable swap platform through a tweet on Feb.16, alongside the alleged attacker's contract address.
According to CertiK, nearly $8.5 million has been already been moved. As a result, the Platypus USD stablecoin became de-pegged from the U.S. dollar, dropping 52.2% to $0.478 at the time of writing.
Platypus later confirmed the hack on Twitter, while a moderator of Platypus’ Telegram group confirmed that Platypus has halted trading.
“The attacker used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.”
Platypus confirmed a loss of “8.5 million” from its main pool and said that deposits were covered at 85%. Other pools were unaffected. The company has contacted the hacker to negotiate a bounty for the return of the funds.
Tether Holdings has frozen the USDT stolen, and Platypus had reached out to Circle and Binance to freeze other stolen tokens.
A tweet from crypto "on-chain sleuth" ZachXBT has called out a now-deleted Twitter account going by @retlqw, alleging that the addresses identified by Platypus are linked to the account.
"I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges. We'd like to negotiate returning of the funds before we engage with law enforcement," said ZachXBT.
Platypus' official Twitter account has also retweeted the message from ZachXBT
A flash attack is the same method used by Avi Eisenberg when he allegedly manipulated the price of Mango Markets’ MNGO coin in October. Eisenberg said shortly after the exploit that he believed “all of our actions were legal open market actions, using the protocol as designed.” Eisenberg was arrested on fraud charges on Dec. 28.
Update Feb. 17, 4:53 am UTC: Added a tweet from ZachXBT relating to the possible identity of the Platypus flash loan attacker.