Last Thursday, the stablecoin Platypus USD (USP) suddenly lost its link with the US dollar. The cause of this was not yet clear, but it is now known. A security hole allowed a hacker to exploit a special type of loan.
Stablecoin protocol Platypus hacked
CoinDesk reported Thursday about the problem at Platypus Finance. The USP stablecoin dropped from $1 to just 48 cents. The protocol lost $8.5 million in a flash loan attack, according to crypto security firm CertiK.
Admittedly, this is relatively little, even in stablecoin terms. The protocol doesn’t seem to have been that great, however CoinGecko not fully estimate the market value of the token. shortly after the hack, the market value suddenly increased from an estimated $ 3.1 million to almost $ 64 million. Presumably this is because Platypus restored the “peg” in slang with the dollar last Friday, while the rogue tokens have not yet been destroyed.
We are seeing a #flashloan attack-on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
— CertiK Alert (@CertiKAlert) February 16, 2023
DThe attacker managed to break the protocol with a so-called flash loan of USD 44 million from Aave v3. Due to an error in the protocol, he was able to mint extra coins. He then converted $8.5 million into other stablecoins, after which he paid off the flash loan. According to The Block the developers have shut down the protocol until it has more clarity on the situation.
A flash loan is a type of loan that originated in the crypto industry. This is because it is already paid off before the transaction is completed, so that you can exchange liquid assets with each other at lightning speed, for example. Unfortunately, DeFi protocols sometimes have security problems, which makes it relatively easy for hackers to abuse these types of loans.
Hackers in 2023 already less successful
Platypus seems to have been an easy target, as the protocol seems to have only existed for a month. It hadn’t stood the test of time, so it was still a ‘fresh’ project even for hackers to try to exploit.
2022 was a record year for hackers, but that changed once 2023 started. The amount stolen in January of this year was 93% lower than the amount in 2022.