Counterexploit Salvages Stolen Funds From Platypus Hacker

After the initial hack, Platypus updated its pool contract to counterexploit $2.4 million in USDC from the hacker

article-image

DALL-E modified by Blockworks

share

Platypus, a DeFi stablecoin swapping protocol on Avalanche, was exploited for $8.5 million on Thursday evening.

The exploit occurred via a flashloan attack that took advantage of a flaw in its USP solvency check mechanism — which tricked Platypus’s smart contracts into thinking that USP was fully backed. USP is Platypus’ native stabletoken. 

Soon after the exploit, crypto community members came together to recover the funds. 

ZachXBT — a crypto scam researcher — said on Twitter that he tracked down the attacker’s wallet address after reviewing their own chain history across multiple chains.

“Your OpenSea account links directly to your Twitter and you liked a Tweet about the Platypus exploit,” ZachXBT tweeted.

Loading Tweet..

“We’d like to negotiate returning of the funds before we engage with law enforcement,” he wrote.

Platypus — meanwhile and with the help of BlockSec — updated its pool contract to counterexploit $2.4 million in USDC from the hacker.

“They updated it such that when the exploit contract deposited the USDC (which it is tricked to believe is a flash loan) as collateral for the minting of USP, they could trick the code that it owed 0 USDC back,” Twitter user nervoir said.

The USDC from the fake pool was sent to hardcoded addresses to avoid generalized front runners, nervoir tweeted. 

“The other assets will probably be harder to recover but given that they control the pool code they have significant control,” they said.

Loading Tweet..

Platypus’s stablecoin, USP, lost its peg to the dollar, dropping to $0.48. It then briefly recovered to $0.97, but has since dipped back down to $0.48, data from CoinGecko shows.

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates.png

Research

Maple Finance has successfully navigated significant market challenges through its strategic pivot to secured lending (Maple v2) and the launch of its Syrup product. Syrup has become a primary growth driver, delivering sustainable, outperforming stablecoin yields and rapidly increasing TVL. The upcoming custody-first Bitcoin staking product (istBTC) presents another significant avenue for expansion. Crucially, Maple has achieved operational profitability, a key inflection point that, combined with a fully vested token and active buyback mechanism, strengthens its investment case. While valuation metrics suggest potential undervaluation relative to peers and growth, the primary forward-looking risk identified is the long-term sustainability of its current high-take-rate collateral staking revenue model.

article-image

In 2014, Microsoft virus scanners were detecting viruses in Bitcoin software

article-image

Ledn’s Mauricio Di Bartolomeo explained how this cycle’s been different for the lender

article-image

The shorts looking for funding range from charming animated series to gritty live-action dramas

article-image

Money, it turns out, is emergent, like consciousness

article-image

Bridge flows churn in both directions as risk appetite returns