Stablecoin Trading Platypus Attacked Flash Loans LOSSING Approximately $9 Million

​ 

Key Points: Today, the Platypus Stablecoin exchange Project was hacked with an estimate loss of $9 Million.
The flash loans on AVAX were used to hack the project.
The vulnerability in the EmergencyWithdraw function used to verify the MasterPlatypusV4 contract is believed to be the root cause.
The specific process is as follows: An attacker deposited 44 million USDC into Platypus’ USDC assets (LP-USDC) and then obtained 44 million LP-USDC. The attacker made 44 million USDC deposits into Platypus’ USDC assets and then obtained 44 million LPUSD. The attacker then deposits LPUSD into MasterPlatypusV4.
The attacker uses the loan() function in order to create approximately 41.79million USP in contract coffers. This is 95% of the collateral that the loan limit allows.
The attacker cannot borrow more than 95% the upper limit. Therefore, the value of isSolvent returns true. This allows the attacker to call the EmergencyWithdraw function as well as all 44 million LPUSDC.
The attacker took 44 million USDC from Platypus USDC assets and began exchanging USP for various assets via the Platypus Finance team.
The platform lost approximately $9 million after the repayment of the flash loans.
“We are currently assessing the situation and will be in touch shortly. All action is halted for now until the situation becomes clearer.
Team announced in Telegram: According to the data, Platypus USP’s original stablecoin was de-anchored to $0.4785. We encourage you to do your research before investing.Join us to keep track of news: https://linktr.ee/coincuWebsite: coincu.comFoxyCoincu NewsTags: # Cryptocurrencies#MarketsattackAvalancheAVAXBlockchaincryptoFlash LoanhackPlatypusStablecoin Trading