DeFi project Platypus Finance on the Avalanche network fell victim to an attack, losing about $2 million in digital assets. PeckShield analysts were the first to notice this.
Update: total loss >$2m pic.twitter.com/JnJQjn4Aik
— PeckShieldAlert (@PeckShieldAlert) October 12, 2023
After the hack was reported, the project temporarily stopped all liquidity pools “due to suspicious activity.”
Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools.
Further updates will be communicated to the community in a timely manner.
Thank you for your patience and understanding during this time.— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) October 12, 2023
The attacker likely used an instant loan exploit targeting AVAX-sAVAX pools. There have been no official comments about the vulnerability yet.
Platypus was already subject to an attack in February of this year, as a result of which an unknown person withdrew assets worth $8.5 million. In addition, the stablecoin of the USP project lost its peg to the dollar after the hack.
The team reported that the hacker took advantage of an instant loan and a logical error in the solvency check mechanism in the collateral contract. French police later detained suspects in the attack.
Funds in the Platypus main pool covered approximately 35% of user deposits. Developers are still paying compensation for the “stable coin” that has lost its peg. In total, they returned about $1.3 million.
Update on USP compensation
1/ We used the reserved treasury for the 2nd round of compensation today.
Please note that volatile asset values have fluctuated since the plan’s inception, resulting in a total refund of around 1.3m.
Compensation Page: https://t.co/LYUuUsKR8b— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) September 26, 2023
According to Immunefi, in the third quarter, industry losses from hacking and fraud reached $685.5 million – 59.9% more than in the same period last year.
Let us recall that in October, the Stars Arena Web3 application on the Avalanche network lost 266,103 AVAX (~$3 million at the time of the attack) due to a “serious security breach” in smart contracts.
Found an error in the text? Select it and press CTRL+ENTER
ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!