A French court has allowed two brothers responsible for the theft of $8.5 million from decentralized finance (DeFi) protocol Platypus to walk free with no repercussions.
On Feb. 16, hackers managed to drain and move $8.5 million from Platypus through a flash loan attack, forcing the protocol to suspend trading services until a resolution was found. Initial investigations identified the culprit as Mohammed M., who took advantage of a code error and withdrew all assets through an uncollateralized loan.
#CertiKSkynetAlert
— CertiK Alert (@CertiKAlert) February 16, 2023
We are seeing a #flashloan attack on @Platypusdefi resulting in a potential loss of ~$8.5M.
Tx AVAX: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430
Stay Frosty! pic.twitter.com/AM2HOM5M2r
With the help of Binance’s security team and independent crypto investigators, the stolen funds were tracked, eventually leading to the hackers: Mohammed and his brother Benamar M.
The brothers had been held in custody since Feb. 24, and they admitted to stealing and siphoning the funds in an Oct. 26 court hearing — but claimed to be “ethical hackers.” They also told the Paris judicial court they had intended to return the funds in exchange for 10% of the loot.
Considering its similarity to a bug bounty attempt, the court cleared the brothers of all criminal charges. During the exploit, 7.8 million euros worth of crypto tokens became inaccessible after getting stuck in a wallet.
Related: Platypus Finance recovers 90% of assets lost in exploit
Amid the legal proceedings related to the hack, Platypus recently suffered a $2.2 million loss in another flash loan exploit.
Due to suspicious activities in our protocol, we have taken the proactive measure of temporarily suspending all pools.
— Platypus (++) (@Platypusdefi) October 12, 2023
Further updates will be communicated to the community in a timely manner.
Thank you for your patience and understanding during this time.
Blockchain security firm CertiK’s investigation revealed that the Oct. 12 hack was carried out in three parts, with each attack draining $2.23 million, $575,000 and $450,000, respectively, in various cryptocurrencies.
On Oct. 17, Platypus managed to recover 90% of the stolen following an agreement with the hacker.
Magazine: This is your brain on crypto: Substance abuse grows among crypto traders