Avalanche-based Stablecoin Exchange Platypus Reportedly Loses $8.5M in an Exploit

By Umair

February 17, 2023 12:37 PM

Altcoins News Defi News

Avalanche-based Stablecoin Exchange Platypus Reportedly Loses $8.5M in an Exploit

Share this article:

Table of contents

1. Platypus Suffers a Loss of $8.5M via an Exploit, Says SlowMist
2. Exploiter Calls Diverse Functions to Exploit the Exchange

On the 17^th of February, an exploit was reportedly witnessed on the Avalanche-based stablecoin exchange named Platypus. The exploiter reportedly took away a profit of nearly $8.5M. The blockchain security platform SlowMist reported the incident on its official Twitter channel. The company additionally shared a report on the respective exploit in brief to caution the community.

On February 17, @Platypusdefi, a stablecoin exchange platform on the Avalanche chain was attacked, and the attacker made a profit of approximately $8.5 million.

Here is a brief report👇
— SlowMist (@SlowMist_Team) February 17, 2023

Platypus Suffers a Loss of $8.5M via an Exploit, Says SlowMist

The blockchain security forum wrote a thread of tweets to highlight what took place in the exploit. It stated that the attacker initially borrowed nearly 44M USDC tokens from the AAVE platform by using the flash loan method. In the next step, the malicious actor deposited the borrowed funds into a Platypus-based pool to acquire deposit receipts in the form of LP-USDC. SlowMist mentioned that all of the respective deposit receipts were then deposited by the exploiter into the contract called MasterChef.

After doing that, the exploiter utilized the “borrow” operation for borrowing the entirety of the USP tokens existing in the market. In addition to this, the exploiter updated the position as well as the debt information thereof. Next to that, the attacker used the MasterChef contract’s “emergencyWithdraw” operation to extract the funds at once. Nonetheless, during this function, the “isSolvent” operation was activated for the “platypusTreasur contract” to confirm the consumer collateral’s health.

Exploiter Calls Diverse Functions to Exploit the Exchange

Since the debt of the attacker was lower than the peak borrowing amount, approval was provided. Without the deduction of the exploiter’s debt, the entirety of the receipts present in the respective contract was straightly transacted to the user.

In the end, the exploiter used the Platypus pool’s withdrawal function for burning the deposit receipts as well as extracting the USDC tokens. In addition to this, the exploiter utilized the borrowed USP tokens to swap for the rest of the stablecoins. Following that, the flash loan was repaid as well as profit was earned by the attacker.

Tags:

Altcoins Avalanche AVAX Cryptocurrency Exchange Stablecoins

Share this article:

AUTHOR

Umair

Umair Younas is a cryptocurrency-related content writer linked with this work since 2019. Here, at Blockchainreporter, he serves as a news and article writer. He is a crypto, blockchain, NFTs, DeFi, and FinTech enthusiast. He has strong command over writing authentic reviews about brokers and exchanges and he has collaborated with our education team to write educational content as well. He has a dream to raise awareness among people about digital currencies. His works are well-researched and brimmed with information hence they provide fresh insights. Stay tuned to his posts if you want to stay up-to-date with the crypto-verse.

More Information