Popular on-chain sleuth ZachXBT has reportedly uncovered the identity of the attacker responsible for the recent exploit on Platypus Finance’s dollar-pegged stablecoin. According to a Twitter thread by the on-chain detective, the exploiter, who goes by retlqw on Twitter, has a history of tweeting suspicious content suggestive of hacking and exploiting crypto projects.
Platypus Finance’s new stablecoin, Platypus USD (USP), was hacked earlier today. The attacker took advantage of a vulnerability in the stablecoin’s solvency check mechanism to execute a flash loan exploit on the contract holding the collateral. When the dust settled, retlqw had made away with nearly $8.5 million worth of crypto assets.
Data from Snowtrace shows that the exploiter’s wallet currently holds more than 4.3 million USDC and over 2.7 USDT, among other crypto assets. The funds on USDT have been frozen. Platypus informed its community that users were covered up to 35% of their deposits, while funds in other pools remain unaffected.
ZachXBT and Platypus Finance’s team are coordinating with several parties, including Binance, Tether, and Circle, to ensure the safety of the funds. The on-chain sleuth reached out to retlqw on Twitter, but the exploiter deactivated his account. Platypus Finance has contacted the exploiter to negotiate a bounty in exchange for the return of the funds before involving law enforcement in the matter.
“We understand that this is a difficult time for our community, and we appreciate your patience and understanding. We want to assure you that we are taking this matter seriously and will keep you informed as we make progress,” Platypus Finance told its users.
The attack on Platypus USD had a devastating effect on the stablecoin. Following the exploit, USP tanked more than 52% and lost its peg. The stablecoin is currently trading at $0.47. Platypus Finance’s native token, PTP, also lost 42% of its value in the aftermath of the attack. The token has since recovered and is currently trading at $0.11.