A French court has acquitted two hackers involved in the exploitation of the Platypus stablecoin project on Avalanche. The incident took place in February when the Platypus stablecoin USP fell victim to a flash loan attack, leading to a financial loss of $8.5 million. The accused individuals claimed to be hackers with good intentions, asserting that they exploited vulnerabilities to return the funds later on.
On February 16, 2023, an individual named Mohammed M. manipulated a coding error to withdraw the equivalent of 8.3 million euros from one of Platypus’s cryptocurrency “pools”—shared reserves available to investors for trading digital assets. This unauthorized action was executed without any compensation.
Such security breaches are not uncommon in the decentralized finance sector, where operations related to cryptocurrencies, such as buying, selling, or lending, are automated using blockchain technologies, eliminating the need for human intermediaries. However, the downside is that any coding flaws in the programs governing these services, known as “smart contracts,” can be exploited for fund theft.
After receiving a tip-off from the cryptocurrency exchange Binance, the Central Office for Combating Crime Linked to Information and Communication Technologies launched an investigation. In a matter of days, financial flows were analyzed, leading to the identification and subsequent arrest of two brothers, Mohammed, and Benamar M., on February 24 in Aubervilliers (Seine-Saint-Denis). Mohammed M. faced charges for unauthorized access and maintenance of an automated data processing system, fraud, and money laundering, while his brother was accused of receiving stolen property.
Avalanche’s DeFi Hacker In Legal Conundrum
The story first reported by Le Monde also mentions an intriguing defense strategy presented by Mohammed M. during his court appearance on October 26 at the Paris court. Despite not disputing the facts, he portrayed himself as an “ethical hacker” who aimed to “recover the endangered funds from the Avalanche DeFi platform for later restitution.” His motivation included the expectation of receiving a “bonus” from the company, equivalent to “around 10% of the total sum.” This claim adds a layer of complexity to the case, as Mohammed M. asserts a noble intention behind his actions despite the legal consequences he faces.
Platypus Finance, a leading player in Avalanche’s DeFi landscape, operates as a stable swap platform, enabling the trading of stablecoins with minimal price slippage or impact. The platform’s Automated Market Maker [AMM] on Avalanche offers features like open liquidity single-sided AMM, which autonomously manages risk based on the coverage ratio, ensuring optimal capital efficiency.