Decentralized finance (DeFi) firm Platypus recently experienced a flash loan attack which drained nearly $8.5 million from their protocol, affecting its stablecoin dollar-peg. In response, Platypus is working on a compensation plan for users to recover their losses and have asked users not to realize their losses in the protocol. Assets liquidation have been paused in order to facilitate the recovery process. Different parties are involved in this process, including legal enforcement officials.
The flash loan attack was first reported by blockchain security firm CertiK, who tweeted the alleged attacker’s contract address. The attack was made possible due to an incorrectly placed code after it was audited by Omniscia. Flash loan attacks exploit the smart contract security of a platform to borrow large amounts of money without collateral and quickly sell the cryptocurrency asset on another exchange to profit from the price manipulation.
Part of the funds are locked up in the Aave protocol and Platypus is exploring a method to potentially recover the funds with the approval of a recovery proposal in Aave’s governance forum. Platypus has stated that further details about the next steps will be disclosed soon.
