The DeFi software Platypus Finance has suffered a $9 million assault, in accordance with a sequence of tweets from the blockchain safety agency CertiK on Feb. 16.
That report states that an attacker used flash loans on the Avalanche (AVAX) blockchain to take advantage of a operate in one among Platypus’ sensible contracts.
The attacker deposited $44 million of stablecoins into the appliance. With the belongings obtained, the attacker might mint an identical quantity of Platypus’ USP stablecoin (41.79 million USP). The attacker then exploited an emergency withdrawal operate to entry the unique $44 million deposit and the minted USP. Lastly, the attacker swapped the USP for different belongings earlier than paying again the mortgage.
The ultimate distinction, and the estimated loss for Platypus, was $9 million. A lot of the stolen funds reportedly stay within the attacker’s contract tackle, although some have been despatched to sure swimming pools. Presumably, a portion of that quantity will be returned or recovered.
Platypus confirmed the flash mortgage assault in a message on Telegram and Discord. It wrote that it’s assessing the state of affairs and can pause operations.
This line of assault will not be distinctive to Platypus. A number of different DeFi platforms have been focused by flash loans in current months, together with Mango Markets in October, New Free DAO in September, Nirvana Finance final July, and Deus DAO final April.