The Platypus platform reported that the attacker took out an instant loan using a logical error in the solvency check mechanism in the collateral contract. An unknown person was able to withdraw assets from the main pool. As a result of the actions of the hacker, the stablecoin Platypus USD lost its peg to the US dollar, falling by 52.2% to $0.47.
We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.
— Platypus (@Platypusdefi) February 17, 2023
Platypus has suspended all operations on the platform. At the moment, the funds in the main pool of Platypus cover only 35% of user deposits. Funds in another pool are not affected. The Platypus team is negotiating with the hacker for a refund in exchange for a reward. The platform has also asked Binance, Tether and Circle to freeze the stolen funds to prevent further losses.
According to DefiLlama, in March last year, the volume of funds locked in the Platypus protocol reached an all-time high of $1.25 billion.. Now this figure is about $40.7 million.
This is not the first time that hackers have used instant loans attacks.. Last fall, the DeFi protocol New Free DAO, powered by Binance Smart Chain, was subjected to similar frauds.. His NFD token crashed 99%.