What Exactly Happened To Platypus and Compensation Plan After Losing $8.5M
There is no way you can underestimate the potential of crypto that is going to disrupt the existing financial system. When you hear any news of scam, hack, or, exploit in the crypto industry, it makes you sad. Avalanche-based DeFi platform Platypus exploited and lost $8.5 million worth of crypto assets.
How could this happen? Audit companies usually audit the protocol and express their opinion. If you have technical knowledge, you can check it out on your own and see how good it is. But most people rely on the DeFi protocol team and audit company and hope they do a good job for the safety and security of the protocol.
Platypus auditor Omniscia did a technical post-mortem analysis to figure out what exactly happened and how the attacker managed to launch the flash loan attack to steal the funds. When Omniscia audited the MasterPlatypusV1 contract, it was fine.
There were some changes after the audit. The code for the emergencyWithdraw function could prevent the attack since it has all the elements that are required to do that. But those elements were written in the wrong order. Due to incorrectly placed code after the audit, the attacker was able to exploit and hack almost $8.5 million worth of crypto assets.
You may think everything is fine seeing the audit report, but what happens after an audit, that can make the system vulnerable to attack. Hackers are waiting for taking advantage of any vulnerability to exploit and steal cryptocurrency.
In crypto, there are rug pull and inside job behind exploit and hack. You cannot say for sure what could happen next. Otherwise, no one will invest in any crypto project that can get them rekt.
Platypus wanted to offer a bounty to the attacker in an attempt to recover the stolen funds. Most of the time, we see the same thing happens after a hack. If it works out, they can get a portion of the funds back.
Platypus is working with different parties including law enforcement agencies to recover the funds. Blockchain security firm CertiK first detected this flash loan attack and revealed the attacker's contract address in a tweet.
Hope DeFi platform Platypus becomes successful to recover the funds and minimize the loss. Things are not always butterflies, rainbows, and sunshine in crypto. Before making any financial decision in crypto, doing due diligence is a must.
So what do you think? Please feel free to leave your comments. Thank you for reading this post. That's it for now. I'll be back with another post.