Scam Alert

Stablecoin Trading Platypus Attacked Flash Loans Losing About $9 Million

Key Points:

  • Today, the Platypus Stablecoin Exchange Project was hacked with an estimated loss of $9 million.
  • The project was hacked through flash loans on AVAX.
  • The cause is believed to stem from a vulnerability in verifying the MasterPlatypusV4 contract using the EmergencyWithdraw function.
Security firm CertiK Alert announced on Twitter that the stablecoin trading project Platypus was hit by an AAVE flash loan attack, resulting in total asset losses of approximately $9 million.

Most of the stolen funds are still in the attacker’s contract address, with some being sent to the EOA and AAVE pools.

According to the CertiK analysis, the vulnerability appears to be in verifying the MasterPlatypusV4 contract using the EmergencyWithdraw function, which will only fail when the borrowed asset exceeds the borrowing limit.

This function then proceeds to transfer all of the user’s deposited assets regardless of the value of the user’s borrowed assets. The specific process is as follows:

  1. The attacker deposited 44 million USDC into Platypus’ USDC assets (LP-USDC) and obtained 44 million LP-USD. The attacker then deposits LP-USD into MasterPlatypusV4
  2. The attacker calls the loan() function to mint approximately 41.79 million USP in contract coffers. This is the maximum amount allowed under the loan limit, equal to 95% of the user’s collateral.
  3. Since the attacker does not borrow more than 95% of the upper limit, the value of isSolvent returns “true,” allowing the attacker to call the EmergencyWithdraw function and all 44 million LP-USDC.
  4. The attacker withdrew 44 million USDC from Platypus USDC assets (LP-USDC) and started exchanging USP for various assets through the Platypus Finance team.

After the flash loan repayment, the total loss of this platform was around $9 million.

“We are currently working to assess the situation and will be in touch promptly. For now, all action has been paused until the situation is over becomes clearer”.

Team announced in the official Telegram group:

According to the data, the Platypus USP project’s original stablecoin has de-anchored to $0.4785.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Foxy

Coincu News

Victor

Recent Posts

Bonk (BONK) Price Jumps 175% in November, Could Shiba Inu (SHIB) and Rexas Finance (RXS) Be the Next to Break Out?

SHIB has increased by 4.30% in the previous 24 hours, while Rexas Finance continues to…

14 minutes ago

VTIS 2024: Unlocking the Gateway to Emerging Tech Markets

What must investors and businesses do to seize opportunities in the rapidly evolving technology landscape?…

21 minutes ago

TON Hacker House Bangkok Draws 300+ Global Developers and 70+ Demo Submissions, Highlight the TON Ecosystem at Devcon Thailand, Powered by TONX

More than 50 Partners Gathered, Including TON Society, TOX, Yescoin, and MEXC, Converging in Bangkok

31 minutes ago

Antarctic Exchange Chapter 2: Earn Rewards, Level Up, and Join the Revolution

The much-anticipated Antarctic Exchange (AX) Testnet Chapter 2 is here, kicking off on November 25th,…

2 hours ago

Cantor Fitzgerald Launches $2 Billion Bitcoin Lending Program

Cantor Fitzgerald plans a $2B Bitcoin Lending Program via Tether, leveraging Bitcoin as collateral and…

3 hours ago

Sky Mavis Workforce Layoffs Impact 21 Percent Of Employees

Sky Mavis workforce layoffs impact 21% of staff as the Axie Infinity developer announces strategic…

3 hours ago

This website uses cookies.