Decentralized finance (DeFi) protocol Platypus Finance has lost $8.5 million after suffering a flash-loan attack. However, with the help of some on-chain sleuths, the project managed to track down the hacker and even recover some funds.
On Thursday, an exploiter used a flash-loan attack to take advantage of a flaw in Platypus USD (USP), the protocol’s stablecoin, and steal user funds. "They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral," the project confirmed in a Twitter post.
The project detailed that nearly $8.5 million worth of funds were stolen from the main pool. As a result, the Platypus USD stablecoin became de-pegged from the U.S. dollar, dropping to an all-time low of $0.33, down more than 66% compared to its intended $1 peg.
Platypus added that deposits were covered at 85% and that other pools were unaffected. The company said it has contacted the hacker to negotiate a bounty for the return of the funds and also started working with major crypto companies to freeze funds.
Shortly after, crypto on-chain sleuth ZachXBT revealed that a now-deleted Twitter account going by @retlqw was responsible for the hack, alleging that the addresses identified by Platypus are linked to the account.
"I've traced addresses back to your account from the Platypus exploit and I am in touch with their team and exchanges," ZachXBT said in a tweet aimed at user @retlqw. "We’d like to negotiate returning of the funds before we engage with law enforcement."
ZachXBT said that he managed to trace the hacker by reviewing their transaction history across multiple chains, which led him to their ENS address retlqw.eth. "Your OpenSea account links directly to your Twitter and