Bitcoin 
Ethereum 
Tether 
BNB 
USD Coin 
XRP 
Cardano 
Dogecoin 
Lido Staked Ether 
Polygon 
Solana 
Binance USD 
Polkadot 
Shiba Inu 
TRON 
Litecoin 
Avalanche 
Dai 
Uniswap 
Wrapped Bitcoin 
Chainlink 
Toncoin 
Cosmos Hub 
LEO Token 
Ethereum Classic 
Monero 
OKB 
Bitcoin Cash 
Stellar 
Filecoin 
Aptos 
TrueUSD 
Lido DAO 
Quant 
Hedera 
Cronos 
NEAR Protocol 
VeChain 
Algorand 
Arbitrum 
Internet Computer 
Stacks 
ApeCoin 
The Graph 
Fantom 
EOS 
The Sandbox 
Aave 
Decentraland 
MultiversX 
Tezos 
Flow 
ImmutableX 
Frax 
Theta Network 
Axie Infinity 
KuCoin 
Synthetix Network 
Conflux 
NEO 
Optimism 
BitDAO 
Rocket Pool 
Curve DAO 
Terra Luna Classic 
Pax Dollar 
Gate 
Mina Protocol 
USDD 
Klaytn 
Bitcoin SV 
PancakeSwap 
GMX 
WhiteBIT Token 
Chiliz 
Huobi 
Dash 
Frax Share 
Maker 
IOTA 
eCash 
BitTorrent 
SingularityNET 
Bitget Token 
XDC Network 
cETH 
Edgecoin 
Trust Wallet 
Tokenize Xchange 
PAX Gold 
Tether Gold 
Render 
Zilliqa 
Osmosis 
Loopring 
1inch 
Arweave 
THORChain 
Radix 
Kava Platypus to work on compensation plan after $8.5M attack
Decentralized finance (DeFi) firm Platypus is working on a compensation plan for user’s losses after a flash loan attack drained nearly $8.5 million from the protocol, affecting its stablecoin dollar-peg.
In a Tweet on Feb. 18, Platypus disclosed to be working on a plan to compensate the damages and asked users not to realize their losses in the protocol, saying this would make it harder for the company to manage the issue. Assets liquidation are also paused, said the protocol:
2/ We are working on a plan to compensate the losses, please DO NOT repay your USP and realize the losses. It would be easier for us to manage the damage. Also, you don’t have to worry about liquidation as liquidation is paused, stability fee after the attack will not be counted
— Platypus ( ) (@Platypusdefi) February 18, 2023
According to the firm, different parties are currently involved in the funds’ recovery process, including legal enforcement officials. Further details about the next steps will be disclosed soon, noted Platypus.
Part of the funds are locked up in the Aave protocol. Platypus is exploring a method to potentially recover the funds, which would require the approval of a recovery proposal Aave’s governance forum.
Blockchain security firm CertiK first reported the flash loan attack on the platform through a tweet on Feb.16, along with the alleged attacker’s contract address. Nearly $8.5 million was moved from the protocol, and as a result, the Platypus USD stablecoin became de-pegged from the U.S. dollar, dropping to $0.33 at the time of writing.
Platypus USD Price Chart (USP) – 7 days. Source: CoinGecko
The attacker used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral,” said the company. A potential suspect has been identified.
A technical post-mortem analysis conducted by auditing company Omniscia revealed the attack was made possible by incorrectly placed code after it was audited. Omniscia audited a version of the MasterPlatypusV1 contract from Nov. 21 to Dec. 5, 2021. The version, however, “contained no integration points with an external platypusTreasure system” and therefore did not contain the misordered lines of code.
The flash loan attack exploits the smart contract security of a platform to borrow large amounts of money without collateral. Once a cryptocurrency asset has been manipulated on one exchange, it is quickly sold on another, allowing the exploiter to profit from the price manipulation.