French Police Arrest Crypto Hackers Worth IDR 140 Billion From Avalanche-Based DeFi

Police have arrested the perpetrator of the crypto hacking of Platypus Finance. (Photo; Doc. NFTNewsPro)

JAKARTA - The French National Police have arrested two people suspected of carrying out a US$9.19 million (around IDR 140 billion) hack of the decentralized finance protocol (DeFi) Platypus Finance which was developed on top of the Avalanche network (AVAX).

Platypus Finance is an auto market maker for stableswaps. According to information announced by the French police, they also managed to confiscate 210,000 euros ($222,505) worth of cryptocurrency.

According to Platypus, they experienced three separate attacks on February 16. The first attack that occurred was the largest, and managed to steal $8.5 million worth of stablecoins (equivalent to IDR 129.6 billion). Platypus managed to freeze the stolen $1.5 million worth of Tether (USDT).

In addition, with the help of blockchain security infrastructure company BlockSec, Platypus was also able to "leverage existing code in the attack contract and extract 2.4 million USDC".

Platypus said they had conducted an investigation into the attack and found that the bug responsible for the attack was a logical error in the USP solvency check mechanism in collateral depository contracts. The impact of the attack was the loss of the Platypus USD (USP) benchmark which was just launched last December. Currently, USP is trading at 0.3 US dollars at the time of writing.

Nonetheless, Platypus confirmed that they have plans to compensate the affected liquidity pool (LP). Additional information, liquidity pool or liquidity pool in the context of crypto is a place where liquidity providers can store their crypto assets and lend or exchange them with other people who need this liquidity.

In the context of DeFi (Decentralized Finance), liquidity pools are the main foundation for DeFi platforms, which enable users to participate in trading, lending, and other DeFi financial services. A liquidity pool consists of two different types of crypto assets, and liquidity providers deposit these assets into the pool in hopes of making a profit.

Platypus stated that 35.4 percent of the funds were still in the main pool. The company also plans to use the surplus held in the main pool to compensate the affected LPs for their losses.

"After the attack, approximately 35.4 percent of the funds remained in the main pool. The surplus we kept in the main pool will be used fully to compensate the affected LPs for their losses," said Platypus Finance's announcement, quoted from U.Today.

In addition, Platypus managed to recover 2.4 million USDC (17.7 percent of pre-attack assets), and approximately 53.1 percent of the pool funds will be returned to all affected LPs.

Platypus is also in discussions with various parties to help reinvent the stablecoins caught in the attack contract, and once all stablecoins have been acquired, Platypus will distribute the re-minted tokens to LP on a pro-rata basis.

Meanwhile, the French police stated that they were still investigating this case and hoped to find further evidence regarding the actions of the hackers. The police also stressed that the success in catching the perpetrators showed that they were serious about fighting criminal acts that occurred in cyberspace.