Decentralized-finance (DeFi) protocol Platypus Finance has announced that it will repay a minimum of 63% of funds to its users after recovering a portion of the $9 million exploited from the platform last week.
The platform was hacked in a three-part attack that exploited a bug in the platform’s solvency check mechanism, resulting in the theft of several crypto assets including Circle’s USD Coin [USDC], Tether [USDT], Maker [DAI], and Binance USD [BUSD].
According to a 23 February blog post by Platypus Finance, the platform worked with crypto exchange Binance to confirm the identity of the exploiter, who used a Binance account that went through know-your-customer checks for a withdrawal request. The protocol contacted law enforcement and filed a complaint in France regarding the hack.
A team from blockchain intelligence firm BlockSec assisted Platypus Finance in recovering $2.4 million worth stolen USDC. Additionally, Tether froze $1.5 million worth of stolen USDT. However, $287,000 worth of assets stolen in the third attack were written-off as lost and unrecoverable. The hacker ran the stolen assets through crypto mixer Tornado Cash and encryption service Aztec Network, making them untraceable.
In the blog post, Platypus Finance clarified that it had not used its $1.4 million treasury to compensate victims. However, it may do so over the next six months if the platform could not recover more assets. Additionally, the protocol submitted a proposal to Aave’s governance forum for the release of $380,000 of stablecoins mistakenly transferred to the lending protocol. If approved, the compensation for users would go up to 78%.
As for Platypus Finance’s future actions, a police case has been filed against the exploiter.
Read more on ambcrypto.com