Platypus hacker walks free with $8.5M after claiming to be ‘ethical hacker’
Two brothers, responsible for the theft of $8.5 million from decentralized finance (DeFi) protocol Platypus, were allowed to walk free with no repercussions by a French court.
On Feb. 16, hackers managed to drain and move $8.5 million from Platypus through a flash loan attack, forcing the protocol to suspend trading services until a resolution was found. Initial investigations identified Mohammed M. as the culprit, who took advantage of a code error and withdrew all assets through an uncollateralized loan.
We are seeing a #flashloan attack on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
— CertiK Alert (@CertiKAlert) February 16, 2023
With the help of Binance’s security team and independent crypto investigators, the stolen funds were tracked, eventually leading to the hackers — Mohammed and his brother Benamar M.
While the duo were held indefinitely in custody from Feb. 24, on an Oct. 26 court hearing, the brothers claimed to be “ethical hackers” while admitting to stealing and siphoning the funds. The hackers also told the Paris judicial court about their intent to return the funds in exchange for 10% of the loot.
Considering the similarity to a bug bounty attempt, the brothers were cleared of all criminal charges. During the exploit, 7.8 million euros worth of crypto tokens became inaccessible after getting stuck in a wallet.
Related: Platypus Finance recovers 90% of assets lost in exploit
Amid legal proceedings related to the hack, Platypus recently suffered a loss of $2.2 million in another flash loan exploit.
Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools.
Further updates will be communicated to the community in a timely manner.
Thank you for your patience and understanding during this time.— Platypus (++) (@Platypusdefi) October 12, 2023
Blockchain security firm CertiK’s investigation revealed that the Oct. 12 hack was carried out in three parts, with each attack draining $2.23 million, $575,000 and $450,000, respectively, in various cryptocurrencies.
On Oct. 17, Platypus managed to recover 90% of the stolen following an understanding with the hacker.
Magazine: This is your brain on crypto: Substance abuse grows among crypto traders