Scam Alert

Stablecoin Trading Platypus Attacked Flash Loans Losing About $9 Million

Key Points:

  • Today, the Platypus Stablecoin Exchange Project was hacked with an estimated loss of $9 million.
  • The project was hacked through flash loans on AVAX.
  • The cause is believed to stem from a vulnerability in verifying the MasterPlatypusV4 contract using the EmergencyWithdraw function.
Security firm CertiK Alert announced on Twitter that the stablecoin trading project Platypus was hit by an AAVE flash loan attack, resulting in total asset losses of approximately $9 million.

Most of the stolen funds are still in the attacker’s contract address, with some being sent to the EOA and AAVE pools.

According to the CertiK analysis, the vulnerability appears to be in verifying the MasterPlatypusV4 contract using the EmergencyWithdraw function, which will only fail when the borrowed asset exceeds the borrowing limit.

This function then proceeds to transfer all of the user’s deposited assets regardless of the value of the user’s borrowed assets. The specific process is as follows:

  1. The attacker deposited 44 million USDC into Platypus’ USDC assets (LP-USDC) and obtained 44 million LP-USD. The attacker then deposits LP-USD into MasterPlatypusV4
  2. The attacker calls the loan() function to mint approximately 41.79 million USP in contract coffers. This is the maximum amount allowed under the loan limit, equal to 95% of the user’s collateral.
  3. Since the attacker does not borrow more than 95% of the upper limit, the value of isSolvent returns “true,” allowing the attacker to call the EmergencyWithdraw function and all 44 million LP-USDC.
  4. The attacker withdrew 44 million USDC from Platypus USDC assets (LP-USDC) and started exchanging USP for various assets through the Platypus Finance team.

After the flash loan repayment, the total loss of this platform was around $9 million.

“We are currently working to assess the situation and will be in touch promptly. For now, all action has been paused until the situation is over becomes clearer”.

Team announced in the official Telegram group:

According to the data, the Platypus USP project’s original stablecoin has de-anchored to $0.4785.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Foxy

Coincu News

Victor

Share
Published by
Victor
Tags: # CryptocurrenciesattackAvalancheAVAXcryptoFlash LoanhackPlatypusStablecoin Trading
2 years ago

Recent Posts

Crypto Millionaire Identifies 4 Coins that Will Skyrocket Like 2017’s Ripple (XRP) and Cardano (ADA)

2017 saw the cryptocurrency community record mouthwatering profits as several cryptos made remarkable gains. XRP…

40 mins ago

Donald Trump Victory Is Paving the Way for Altcoin ETFs

Crypto advocates are optimistic about the approval of alternative cryptocurrency ETFs following Donald Trump victory.

1 hour ago

Binance Founder CZ Increases Net Worth to $53 Billion After Trump Win

Binance founder CZ, while barred from leading the exchange due to a DOJ plea deal,…

2 hours ago

BTC.COM Reshapes to Open-Source Computing Power Platform

Singapore, Singapore, 7th November 2024, Chainwire

2 hours ago

Ethereum Launches Mekong Testnet for Pectra Upgrade

The Ethereum Foundation launched the Mekong testnet, a short-lived testnet enabling devs to explore UX…

2 hours ago

Solv Protocol Enhances SolvBTC with Asset Classification

Singapore, Singapore, 7th November 2024, Chainwire

2 hours ago

This website uses cookies.