1 March 2023

French police arrest two suspects behind Platypus Finance hack


French police arrest two suspects behind Platypus Finance hack

French police have arrested two suspects believed to be responsible for the theft of $9.1 million in cryptocurrency from the US-based DeFi platform Platypus Finance. The two brothers, aged 18 and 20, have been arrested in Ile-de-France, just a few days after the hack was perpetrated.

The hackers targeted Platypus on February 17 in a series of flash loan attacks, exploiting a flaw in a key pricing mechanism of the platform. In the first attack they stole $8.5 million, $380,000 in the second, and $287,000 in the third. Inadvertently, the hackers sent the proceeds of the second attack to Aave, a lending protocol.

Of the $9 million in stolen assets, Platypus said it has recovered 2.4 million USDC and 687,000 BUSD. The company has also worked with Tether to freeze 1.5 million USDT.

As part of the arrest French police seized 210,000 euros ($222,000) worth of cryptocurrency.

The two hackers have been arrested after a blockchain investigator named ZachXBT had discovered a link between the attacker’s Twitter account and transactions in the blockchain. The Binance exchange platform also provided assistance in the investigation, Platypus said.


Back to the list

Latest Posts

What is Vulnerability Management? A Beginner's Guide

What is Vulnerability Management? A Beginner's Guide

In this article will try to cover basics of vulnerability management process and why it is important to every company.
11 September 2024
Cyber Security Week in Review: September 6, 2024

Cyber Security Week in Review: September 6, 2024

In brief: the US charges Russian GRU hackers for attacks on Ukraine, Apache, Cisco, Zyxel patch high-risk flaws, Google fixes Android zero-day, and more.
6 September 2024
Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Threat actors using MacroPack Red Team framework to deploy Brute Ratel, Havoc and PhantomCore

Some of the documents appeared to be part of legitimate Red Team exercises, while other were intended for malicious purposes.
5 September 2024