Platypus, a stablecoin exchange initiative, has stated that it is developing a strategy to reimburse consumers and warn them not to refund the current stablecoin USP. This project stated on twitter:
1/
— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) February 18, 2023
Thanks everyone who supported us over the last few days! We’ve been trying our best to recover the losses and would like to give everyone a quick update:
"We are working on a plan to compensate the losses, please DO NOT repay your USP and realize the losses. It would be easier for us to manage the damage. Also, you don’t have to worry about liquidation as liquidation is paused, stability fee after the attack will not be counted.”
Users also won't be charged a stability fee following the attack, and liquidation is presently on hold, so they don't need to worry about that. While the team is collaborating with all parties to remedy the harm, more time is required to verify the findings.
Also, the team is in touch with law enforcement; once this is confirmed, more announcements will be made. Also, certain monies are locked in AAVE, and the team is looking into a potential solution to recover these assets. To do so, a recovery plan must be presented and approved on the AAVE admin forum.
Platypus suffered a flash loan attack on AAVE, which caused a total asset loss of about $9 million.
The MasterPlatypusV4 contract's EmergencyWithdraw function, which will only fail when the borrowed asset exceeds the borrowing limit, looks to be the weak point.
But, however, Platypus was able to recover $2.4 million from attackers thanks to the use of an improved proxy thanks to the crypto security company BlockSEC. The attacker can only recover a small portion of the initial stolen monies with this assistance.
This was done, in order to recover the funds from the attacker's contract. In addition, he claimed that the attacker contract's lack of a transfer function resulted in the loss of $8 million in assets.