Key Points:
With assistance from blockchain security company BlockSec, the Platypus protocol was breached yesterday, resulting in at least 2.4 million USDC being returned to the compromised platform.
According to MetalSleuth, a visualization tool from Blocksec, of the nearly $9.1 million in stolen monies from Platypus, it was discovered that the attacker could only pay out $270,000.
$8.5 million of the stolen money has been frozen in the contract where it was transferred, and another $380,000 from a second exploit attempt was unintentionally routed back to Aave.
BlockSec’s strategy for exploiting the attacker’s contract flaw centered around getting back some of the stolen money for Platypus.
“By leveraging this loophole, the project can transfer the funds from the attacker contract to the project’s account,”
Yajin Zhou, co-founder of BlockSec told The Block.
Using the proof of concept we produced, the project was able to recover $2 million. According to Zhou, this was done in order to reclaim the money from the attacker’s contract. He also said that $8 million in assets were left stranded because the attacker contract lacks a transfer function.
To get back the crypto, BlockSec used a callback function in the attacker’s contract.
“The attack was launched through the flash loan callback interface in the attack contract. This callback function has no access control. And during this callback function, the attacker hardcoded the logic to approve USDC to the project’s contract (which is a proxy),”
Zhou said.
As mentioned in an earlier Coincu News article, the Platypus Stablecoin Exchange Project was hacked with an estimated loss of $9 million. The project was hacked through flash loans on AVAX. The cause is believed to stem from a vulnerability in verifying the MasterPlatypusV4 contract using the EmergencyWithdraw function.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.
Join us to keep track of news: https://linktr.ee/coincu
Foxy
Coincu News
Explore BlockDAG's Testnet, which launches soon! Discover the potential impact on BDAG's value, Notcoin Price…
See how BlockDAG’s Sept 20 Testnet launch is drawing in new users as Notcoin investors…
Dive into BDAG’s journey towards major exchange debuts and its potential for a staggering 30,000x…
Explore the frontrunners in the cryptocurrency space with the latest updates on Arbitrum, THORChain’s market…
The MicroStrategy Bitcoin investment follows a $1.01 billion private offering of convertible senior notes.
Discover how BlockDAG's expected English Premier League partnership has ignited a $72.4M presale boom while…
This website uses cookies.