The flash loan attack caused Platypus Finance’s stablecoin to drop more than 52%. The estimated loss from the security incident is about $8.5 million, according to CertiK.
On the evening of February 16, the DeFi Platypus Finance protocol was hacked flash loan with ~$8.5 million in damages, blockchain security firm CertiK reports the incident.
We are seeing you #flashloan attack on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
— CertiK Alert (@CertiKAlert) February 16, 2023
The method of infiltration used by criminals is flash lending, ie hot borrowing a large amount of money from lending platforms, then using them to manipulate the price difference and profit.
According to the announcement from the project, The attacker took advantage of a vulnerability in the USP payment mechanism. Song, hCurrently all activities are paused until Platypus complete the investigation.
We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.
— Platypus (🦆+🦦+🦫) (@Platypusdefi) February 17, 2023
After the attack, the price of Platypus USD (USP) – the stablecoin of the protocol immediately dropped from the 1 USD peg, down to 0.48 USD and has not shown any signs of recovery.
Platypus is an automated market maker on Avalanche. There is currently around $45.3 million in locked-in assets (TVL) on the protocol. At its heyday in March 2022, Platypus Finance saw $1.2 billion in TVL, according to DeFiLlama.