Platypus, a decentralised finance (DeFi) platform, revealed that unknown threat actors have managed to nick over $8.5 million in cryptocurrency funds from them. Known as a “flash loan attack,” the hackers borrowed a huge amount of crypto from the firm and used it to manipulate the prices of digital assets until they could dump it for a huge profit.
On February 18, the DeFi firm shared on Twitter that they reached out to a blockchain security company to help them recover their funds, resulting in a successful recovery of $2.4 million USDC. Still, this amount is only a fraction of their losses.
The Platypus DeFi communicated with the hackers to negotiate a bounty.
According to a released statement, the DeFi firm had been communicating with the hackers to negotiate a bounty and return all the stolen funds to them. Several third-party companies, including Binance, Tether, and Circle, have been working with Platypus DeFi to help freeze the stolen digital assets and prevent more damage.
Meanwhile, all affected investors were assured of being reimbursed and compensated due to the lost funds.
Several security experts claimed that with DeFi platforms being independent of centralised authorities comes a consequence of having a tougher time recovering losses. As flash loan attacks become an increasing threat for DeFi platforms like Platypus, investors are warned to be more protective of their digital assets as it is always exposed to risks.
In 2022, the Crema Finance cryptocurrency platform lost over $9 million in an attack, alongside Elephant Money, which lost $11.2 million of Binance coins to hackers. Meanwhile, another crypto firm Cream Finance lost $196 million worth of digital assets to hackers in a series of flash loan attacks in 2021.
On the other hand, some flash loan operators clean their reputes by arguing that their campaigns are simply about taking advantage of flaws and lapses in codes that result in massive amounts of profit. This argument, however, is not valid, as flash loan attacks would always be illegal since it is a form of theft.
Thus, security experts recommend investors use multi-factor authentication when doing transactions, using an authenticator app for unique codes, avoiding public Wi-Fi connections, and subscribing to a VPN service, among other protection methods.
