ZachXBT Identifies Hacker After Attack Erases Half the Value in USP Stablecoin
Platypus Finance, the group behind the USP stablecoin, suffered an $8.5M exploit on Thursday, sending the worth of USP and its native PTP token into a pointy decline.
The incident decimated confidence within the Platypus ecosystem as its stablecoin USP sunk to $0.475 after shedding greater than half of its worth in a day. Platypus’ PTP token additionally misplaced 1 / 4 of its worth in 24 hours.
“This is a bad look for USP auditors, who should have caught this relatively trivial bug,” tweeted Demirelo, a web3 investor and influencer.
Emergency Withdrawal
PeckShield, a blockchain safety agency, said the hacker exploited a flaw within the “emergency withdraw” perform in Platypus’ contracts. PeckShield stated the contract incorrectly calculated the well being of the hacker’s accounts earlier than executing a transaction that allowed the hacker to withdraw $8.5M greater than the collateral that they had provided.
“Dear Community, We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism,” Platypus tweeted. It added that the hackers used a flashloan to use a logic error within the USP contract.
Crypto Sleuth ZachXBT Exposed Chicanery For a Grateful DeFi Community
Deeply Researched Probes of Questionable Projects Proved ‘Invaluable’ in Mad Year
ZachXBT, a well-liked twitter influencer and blockchain sleuth, said he had recognized the hacker and the account was deactivated shortly after the heist. The influencer additionally spotlighted an ENS area and OpenSea account related to the perpetrating pockets.
“I’ve traced addresses back to your account from the Platypusdefi exploit,” ZachXBT stated in a tweet tagging the accused hacker. “We’d like to negotiate returning of the funds before we engage with law enforcement.”
Bounty
Platypus stated affected customers’ balances are coated for as much as 35% of their worth, and that the group has reached out to the hacker to barter a bounty in trade for returning the funds. The group stated it’s working with Binance, Tether, and Circle, to freeze the stolen funds, noting that every one stolen USDT is frozen.
Platypus launched USP in December, 2022, describing the token as an overcollateralized USD-pegged stablecoin. Platypus is at the moment the seventh-largest protocol on the Avalanche community with a complete worth locked of $41M, regardless of the determine dropping 25% in someday, in response to DeFi Llama.
The protocol’s TVL is down greater than 96% since peaking above $1.1B in March.
