The USP stablecoin of the Platypus Finance DeFi project lost its peg to the dollar after an attack, in which an unknown actor siphoned $8.5 million from the Avalanche-based protocol.
Dear Community,
We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a «flash loan» to exploit a logic error in the solvency check mechanism in the contract holding the collateral.— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) February 17, 2023
The team said the hacker used «flash loan» and a logic error in the solvency-check mechanism in the collateral contract.
After the loss of $8.5 million, the main pool covers about 35% of user deposits.
3/ There were losses totaling 8.5M from the main pool. Right now deposits from users are covered up to 35% of their deposits. Funds in other pool are unaffected.
The hacker has been contacted to negotiate a bounty in exchange for return of the funds.— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) February 17, 2023
The protocol developers reached out to several firms, including Binance, Tether and Circle, to freeze the stolen assets. They offered the hacker a bounty in exchange for returning the funds.
The USP stablecoin lost about 52% of its value after the exploit. The USD-pegged stablecoin traded at around $0.48 (CoinGecko).
Platypus Finance offers users an AMM platform for pegged assets. According to DeFi Llama, the total value of assets locked in the protocol stands at $40.77 million. At its peak in March 2022 the figure reached $1.25 billion.
In 2022, Web3-industry lost about $3.6 billion in hacks, according to Beosin. This was almost 50% higher than the year prior, Beosin experts estimate.