Platypus Finance recovers 90% of assets lost in exploit

Decentralized finance (DeFi) protocol Platypus Finance said it had recovered 90% of assets that were stolen in a security breach last week.

According to the October 17 announcement, developers said the protocol’s net loss was limited to “18,000 Avalanche,” worth $167,400 at the time of publication. As the hacker voluntarily returned the funds, Platypus Finance stated it “will guarantee that no legal action will be pursued.” Developers also hinted that withdrawal information regarding users’ assets will soon be posted.

On October 12, the automated market maker running on the Avalanche blockchain suffered three separate flash loan attacks that drained the protocol of $2.23 million. In 2021, the project raised $3.3 million in funding led by the now-defunct crypto hedge fund Three Arrows Capital.

Since the most recent attack, Platypus developers have halted all liquidity pools and are conducting a security audit. In a flash loan attack, a hacker exploits a vulnerability that allows them to instantaneously borrow crypto without providing the necessary collateral for the transaction. The hacker then withdraws the borrowed assets from the protocol, leaving behind bad debt for the users or protocol treasury to bear. 

This was the third attack against Platypus this year, with a prior incident in July draining $157,000 via a flash loan attack and another, also a flash loan attack, exploiting the DeFi protocol for $8.5 million. Following the February incident, Platypus claimed that it would return at least 63% of users’ assets lost in the attack via its recovery plan. 

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Mt. Gox collapse saw birth of Chainalysis