Platypus Finance, a decentralized finance (DeFi) protocol running on the Avalanche blockchain, has announced that it has recovered most of the funds that were stolen in a recent exploit. The protocol said that the hacker voluntarily returned the assets and agreed not to face any legal action.
The exploit occurred on October 12, when a hacker used three flash loan attacks to drain $2.23 million from the protocol’s liquidity pools. A flash loan attack is a type of exploit that allows a hacker to borrow a large amount of crypto without collateral and use it to manipulate the market prices of certain tokens. The hacker then repays the loan and profits from the price difference.
Platypus Continues to Move Forward with Its Recovery Plans
Platypus Finance said that it had contacted the hacker and negotiated a deal to recover the funds. According to the protocol’s announcement, over 90% of the funds have been recovered, and the net loss has been minimized to approximately 18,000 Avalanche (AVAX), worth about $167,400 at the time of writing.
1/ Following successful negotiations, we are making good progress and 90% of the funds stolen from the sAVAX pool have now been successfully returned by the exploiter. As promised, Platypus will guarantee that no legal action will be pursued.
— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) October 17, 2023
The protocol also said that it would release further information on how users can withdraw their assets. This was not the first time that Platypus Finance was attacked by hackers. In July, the protocol lost $157,000 in another flash loan attack. In February, the protocol suffered a massive $8.5 million loss in yet another flash loan attack.
After the February incident, Platypus Finance claimed that it would return at least 63% of users’ assets lost in the attack via its recovery plan.
Platypus Finance is an automated market maker (AMM) that allows users to swap tokens, provide liquidity, and earn rewards. The protocol raised $3.3 million in funding in 2021 from investors including Three Arrows Capital, which later shut down its crypto hedge fund.
The protocol has halted all its operations and is conducting a security audit to prevent further attacks. Platypus Finance also urged its users to be careful and not trust any fake websites or messages claiming to be from the protocol.