Platypus Finance to compensate users affected by exploit, more inside

• Platypus Finance has laid out compensation plans for users affected by last week’s $9 million exploit.
• The platform will ensure a compensation of 63%, which may increase to 78% based on a governance vote on Aave.

Decentralized-finance (DeFi) protocol Platypus Finance has announced that it will repay a minimum of 63% of funds to its users after recovering a portion of the $9 million exploited from the platform last week.

The platform was hacked in a three-part attack that exploited a bug in the platform’s solvency check mechanism, resulting in the theft of several crypto assets including Circle’s [USDC], [USDT], Maker [DAI], and Binance USD [BUSD].

78% fund recovery rate may be possible 
According to a 23 February blog post by Platypus Finance, the platform worked with crypto exchange Binance to confirm the identity of the exploiter, who used a Binance account that went through know-your-customer checks for a withdrawal request. The protocol contacted law enforcement and filed a complaint in France regarding the hack.

A team from blockchain intelligence firm BlockSec assisted Platypus Finance in recovering $2.4 million worth stolen USDC. Additionally, Tether froze $1.5 million worth of stolen USDT. However, $287,000 worth of assets stolen in the third attack were written-off as lost and unrecoverable. The hacker ran the stolen assets through crypto mixer Tornado Cash and encryption service Aztec Network, making them untraceable.

In the blog post, Platypus Finance clarified that it had not used its $1.4 million treasury to compensate victims. However, it may do so over the next six months if the platform could not recover more assets. Additionally, the protocol submitted a proposal to Aave’s governance forum for the release of $380,000 of stablecoins mistakenly transferred to the lending protocol. If approved, the compensation for users would go up to 78%. 

As for Platypus Finance’s future actions, a police case has been filed against the exploiter. Additionally, a filing for the cybersecurity department was underway. The pool will relaunch as soon as next week, without the functions associated with USP. On-chain voting is also planned to ensure participation from the community in the decision-making process.