Two suspects were arrested by French law enforcement in connection to the $9.1 million exploit on Platypus, with police seizing 210,000 euros worth of cryptocurrency as part of their investigation. The arrests were made possible thanks to support from crypto sleuth ZachXBT and exchange Binance, according to Platypus. The same malicious actor targeted the decentralized protocol in three flash loan attacks on February 16.
In the first attack, approximately $8.5 million in assets were stolen, while roughly 380,000 assets were mistakenly sent to the Aave v3 contract in the second incident. In the third attack, an estimated $287,000 was stolen when perpetrators exploited a logic error in the Platypus USD (USP) solvency check mechanism using a flash loan method. Avraham Eisenberg had previously used this same technique to manipulate the MNGO coin price in October 2022; he was arrested on fraud charges in Puerto Rico on December 28 as a result.
It is essential to know that Platypus plans to return funds to affected users on February 23. Also, they declared that 63% of the main pool funds would be returned within six months. If approved by Aave— and Tether confirms reminting the frozen USDT—approximately 78% of the user’s funds could be recovered. Platypus noted their proposal, “if approved and Tether confirms reminting the frozen USDT, we will recover approximately 78% of the user’s funds.” Stable swap operations have not been affected.