Platypus Recovers 90% of Stolen Funds from Recent Exploit

Decentralized finance (DeFi) protocol Platypus has made significant strides in recovering assets stolen in a recent exploit. On 17 October 2023, the protocol announced via its Twitter handle, Platypusdefi, that it had successfully negotiated with the exploiter and recovered 90% of the funds siphoned off from the sAVAX pool during an exploit on 12 October 2023. The recovery reduced the net loss to approximately 18,000 AVAX. The announcement came as a relief to the Platypus community, who had been on tenterhooks since the exploit occurred.

The episode on 12 October 2023 was not the first time Platypus had been targeted. The protocol had suffered two previous flash loan attacks in 2023, losing $8.5 million in February and around $157,000 in July. Platypus had since been on a mission to enhance its security infrastructure to prevent further occurrences. However, the attacks in October, where three consecutive exploits led to a loss of over $2 million, demonstrated the persistent vulnerabilities within the protocol’s system. The hackers managed to extract $1.2 million in the first attack, $575,000 in the second, and $450,000 in the third, all within a span of hours.

Platypus acknowledged the crucial role that the community played in resolving the crisis swiftly. The community’s support facilitated the quick identification and resolution of the hacking incident, enabling a prompt response. The protocol expressed its gratitude towards its community members for their assistance during this trying period.

In light of these attacks, Platypus halted all pools and initiated a thorough investigation to pinpoint the root cause of the recurrent exploits. The protocol is also making arrangements for the withdrawal of all existing liquidity providers and is in the process of sharing detailed withdrawal instructions with its community. Additionally, the DeFi protocol has been working on a compensation plan for users who lost their assets in the previous attacks, demonstrating its commitment to making amends and ensuring such security breaches are averted in the future.

Meanwhile, efforts to bring the culprits to book saw some success earlier in the year when French police arrested two suspects related to the February hack, seizing around $222,000 worth of crypto assets on 25 February 2023. This action was supported by crypto investigator ZachXBT and the Binance exchange, showcasing a collaborative effort in combating crypto-related crimes.

Image source: Shutterstock


Tagged : / / / / / / /

Euler Finance Hacker Returns Stolen Funds

On March 13, 2023, Euler Finance suffered a flash loan attack, resulting in the theft of $196 million worth of various tokens, including Dai, USDC, StETH, and WBTC. This attack drained millions of dollars from Euler Finance’s smart contracts, causing the total value locked inside them to drop from over $311 million to $10.37 million. Additionally, 11 different DeFi protocols, including Balancer,, and Yield Protocol, either froze or lost funds.

Following the attack, Euler Finance took proactive measures to recover the stolen funds. The protocol disabled its vulnerable etoken module and donation function as the first course of action and worked with auditing companies to analyze the root cause of the exploit. At the same time, Euler Finance attempted to contact the hacker to negotiate a bounty.

On March 15, Euler Finance gave the hacker an ultimatum to return 90% of the stolen funds or face a $1 million reward for information leading to their arrest. The hacker, however, started moving funds at will, causing chaos and distress among the victims. Despite this, one victim managed to convince the hacker to return their life savings, resulting in the hacker beginning to return stolen funds over several days.

Meanwhile, Euler Finance’s CEO, Michael Bentley, revealed that ten separate audits over two years deemed the protocol “nothing higher than low risk” with “no outstanding issues.” However, the hack exposed the protocol’s vulnerability and the need for improved security measures.

On March 21, Euler Finance launched a $1 million bounty reward against the hacker after being ghosted mid-conversation while trying to strike a deal. However, the hacker started returning the stolen assets in large numbers on multiple occasions, starting on March 25. Finally, 23 days after the hack, Euler Finance announced that the stolen funds had been recovered, and the $1 million bounty was no longer accepting new information.

In the final transactions, the hacker returned 12 million DAI and 10,580 ETH in multiple transactions. The crypto community applauded Euler Finance’s efforts to recover the funds and restore investor confidence. Gnosis, the team behind Gnosis Safe multisig and Gnosis Chain, recently launched a hash oracle aggregator to improve the security of bridges by requiring more than one bridge to validate a withdrawal.

The Euler Finance hack serves as a cautionary tale for the DeFi industry, highlighting the importance of comprehensive security measures and frequent audits. It also demonstrates the benefits of negotiating with hackers to recover stolen funds and the role of the community in restoring investor confidence. Overall, the recovery of the stolen funds is a significant victory for Euler Finance and the DeFi industry as a whole.


Tagged : / / / / /

Euler Finance Audited 10 Times Before $196 Million Attack

Euler Finance, an Ethereum-based lending protocol, underwent 10 audits from six different blockchain security firms between May 2021 and September 2022. The audits ranked the risk assessment of the platform, measuring the “likelihood of a security incident” and the impact it may have. The risk level for Euler ranged from very low and informational to critical, with none deemed “nothing higher than low risk” with “no outstanding issues.” Despite the extensive audits, Euler suffered a $196 million flash loan attack on March 13, 2023.

In response to the attack, Euler Labs CEO Michael Bentley described it as the “hardest days” of his life in a series of tweets on March 17. He retweeted a user sharing information that Euler had undergone ten audits, commenting that the platform “has always been a security-minded project.” Euler had also issued a warning only 24 hours before launching a $1 million bounty for information leading to the hacker’s arrest, stating that it would launch a bounty “that leads to your arrest and the return of all funds” if 90% of the funds were not returned within 24 hours.

Despite the audits, Euler’s attacker began moving funds through crypto mixer Tornado Cash on March 16, only hours after the bounty was launched. In his Twitter thread, Bentley expressed his frustration at the attack and the sacrifices he had to make as a result, including time with his newborn son. However, he also thanked the security experts who are “working on leads” for the investigation.

While some blockchain security firms, such as Omnisica, found and addressed some “incorrect paradigms” in Euler’s base swapper implementation and how the swap mode was “handled by the codebase,” the audits concluded that Euler had “properly dealt” with these issues, with “no outstanding issues” remaining. Halborn’s audit summary in December 2022 also stated that it had found “an overall satisfactory result.”

In conclusion, Euler Finance’s 10 audits from six different blockchain security firms in two years did not prevent a $196 million flash loan attack. Despite the audits deeming the platform “nothing higher than low risk” with “no outstanding issues,” the attacker was able to move the funds through crypto mixer Tornado Cash only hours after Euler launched a $1 million bounty for their arrest. The investigation into the attack is ongoing.


Tagged : / / / / /

Hacker moves stolen funds after bounty launch

A hacker responsible for a $196 million attack on Euler Finance has moved some of the stolen funds into the crypto mixer Tornado Cash, just hours after a $1 million bounty was launched to identify the perpetrator. The attack, carried out through a flash loan on the Ethereum noncustodial lending protocol, resulted in the theft of a range of cryptocurrencies including Dai, USD Coin, staked ETH and wrapped Bitcoin. Blockchain analytics firm PeckShield reported on Twitter that the hacker had transferred 1,000 ETH, equivalent to around $1.65 million, via the sanctioned mixer. Euler Labs had previously sent a message to the attacker’s address warning of the bounty and offering amnesty if 90% of the funds were returned within 24 hours. However, the hacker’s movement of funds suggests that they are not swayed by this offer.

Victims of the attack have been appealing for the return of their funds, with one message on the blockchain claiming that a group of 26 families from jobless rural areas had lost a total of $1 million in the attack. Another message was sent by an apparent victim who congratulated the hacker on their “big win”, but begged for help as they had invested funds they “desperately needed” for a house. “My wife is going to kill me if we can’t afford our house. Is there anyway you can help me? I have no idea what to tell my wife,” they wrote.

The hacker’s use of a crypto mixer is a common tactic for obscuring the source of funds, and is likely to make it harder for authorities to identify them. However, the blockchain trail may still provide some clues, and the bounty may encourage individuals to come forward with information. The incident highlights the risks associated with DeFi and the importance of robust security measures.


Tagged : / / / / /

Euler Finance suffers $197M DeFi hack

Euler Finance, a DeFi lending protocol, suffered a flash loan attack on March 13, resulting in the biggest hack of crypto in 2023 so far. The lending protocol lost nearly $197 million in the attack, impacting more than 11 other DeFi protocols as well. Euler Finance disabled the vulnerable etoken module and vulnerable donation function to block deposits.

On March 14, Euler Finance updated its users on the situation and notified them of the disabled features. The firm stated that it works with various security groups to perform audits of its protocol, and the vulnerable code was reviewed and approved during an outside audit. However, the vulnerability remained on-chain for eight months until it was exploited, despite a $1 million bug bounty in place.

Sherlock, an audit group that has worked with Euler Finance in the past, verified the root cause of the exploit and helped Euler submit a claim. The audit protocol later voted on the claim for $4.5 million, which passed, and later executed a $3.3 million payout on March 14.

In its analysis report, the audit group noted a significant factor for the exploit: a missing health check in “donateToReserves,” a new function added in EIP-14. However, the protocol stressed that the attack was still technically possible even before EIP-14.

Sherlock noted that the Euler audit by WatchPug in July 2022 missed the critical vulnerability that eventually led to the exploit in March 2023. Euler has also reached out to leading on-chain analytic and blockchain security firms, such as TRM Labs, Chainalysis, and the broader ETH security community, in a bid to help them with the investigation and recover the funds.

Euler Finance has notified that they are also trying to contact those responsible for the attack in order to learn more about the issue and possibly negotiate a bounty to recover the stolen funds. The incident highlights the need for regular audits of DeFi protocols to detect vulnerabilities and prevent hacks. As DeFi continues to grow and attract more users, security and reliability will become even more critical for the industry’s success.


Tagged : / / / / /

Euler Finance Suffers Flash Loan Attack, Loses Millions in Multiple Cryptocurrencies

On March 13, 2023, Euler Finance, an Ethereum-based noncustodial lending protocol, became the victim of a flash loan attack. The attacker managed to steal millions in various cryptocurrencies, including Dai, USD Coin, staked Ether, and wrapped Bitcoin. According to on-chain data, the exploiter carried out multiple transactions and stole nearly $196 million, making it the largest hack of the year.

The breakdown of stolen funds is as follows: $87 million in Dai, $51 million in USDC, $40 million in stETH, and $17 million in WBTC. Euler Finance has not yet made an official statement regarding the attack, and it remains unclear whether the stolen funds will be recovered.

Crypto analytic firm Meta Seluth stated that the attack is related to a deflation attack that occurred one month ago. The attacker used a multichain bridge to transfer the funds from the Binance Smart Chain (BSC) to Ethereum and launched the attack today. ZachXBT, another prominent on-chain sleuth, reiterated the same and said that the movement of funds and the nature of the attack seem quite similar to the black hats that exploited a BSC-based protocol last month.

The attack on Euler Finance highlights the risks associated with flash loans, which are uncollateralized loans that allow traders to borrow large amounts of capital without putting up any assets as collateral. Flash loans have become increasingly popular in the DeFi space and have been used in several high-profile attacks, including the $600 million hack of Poly Network in August 2021.

Flash loan attacks are a growing concern for the DeFi ecosystem, and several projects have taken steps to mitigate the risks associated with these loans. For example, Aave, a popular DeFi lending platform, has implemented a cooldown period for flash loans, requiring borrowers to wait for a period before taking out another loan. Similarly, Compound Finance has implemented a fee on flash loans to deter attackers.

Euler Finance is just the latest DeFi project to fall victim to a flash loan attack, highlighting the need for better security measures in the DeFi ecosystem. As the DeFi space continues to grow, it is essential to implement robust security measures to protect users’ funds and prevent attacks like these from happening in the future.


Tagged : / / / / /

Belt Finance to Compensate Users Following $6.3 Million Attack

In recent days, the Binance Smart Chain network has been a hotspot for flash loan attacks. There have been multiple attacks on popular liquidity protocols like PancakeBunny and Bogged Finance, resulting in losses worth millions of dollars. The latest victim has been Belt Finance, another BSC-based lending protocol that lost $6.3 million in a series of transactions that manipulated the system.

Belt Finance Shares Compensation Plan

The Rekt Blog, in a post mortem on the exploit, referred to it as “another notch in the now-famous flash loan exploit season on the BSC.”

However, the project has announced a compensation plan, which is intended especially for users who had funds in the 4Belt pool or beltBUSD vault, both of which were targeted by the attack. BELT token holders would also be compensated since its price dumped 54% following the attack.

“The price of the BELT token is a direct reflection of the value of Belt Finance as a protocol, and while BELT may not be a part of our 4Belt pool, it is representative of the faith our users have vested in us.”

The first phase in the compensation plan is to take a snapshot of the 4Belt pool and 4BELT token holder addresses. They will receive remedy4BELT (r4BELT) tokens in proportion to their pre-attack holdings.

According to the blog, these new tokens can be utilized to acquire further compensation over time. Users will need to deposit new tokens alongside existing ones on PancakeSwap in order to get liquidity provider tokens, which must then be staked back into the network, implying that compensation must be effectively earned.

It was also indicated that 67 percent of the team’s unlocked allocation would be transferred to r4BELT compensation, equating to 864 tokens every day. In addition, the team will also donate $3 million USD to establish a new BELT buyback fund. PancakeSwap’s initial public offering will raise $1.5 million.

The Attack

The attack on Belt Finance caused losses of over six million dollars. The attacker leveraged Pancakeswap to carry out its plan, manipulating its belt/BUSD pool, a protocol-wide stable coin, and profiting from its inefficiency. According to the Belt Finance team’s post mortem analysis, the attackers exploited this vulnerability eight times before it was spotted.

Belt Finance’s team promptly halted withdrawals and deposits to the impacted pools, claiming that the attack vector had been addressed following the attack.

Related posts:

Like BTCMANAGER? Send us a tip!

Our Bitcoin Address: 3AbQrAyRsdM5NX5BQh8qWYePEpGjCYLCy4


Tagged : / / / /

DeFi Protocols Cream Finance, Alpha Lose $37.5M in Exploit; ‘Prime Suspect’ ID’d

Decentralized finance protocols (DeFi) Cream Finance and Alpha Finance were victims of an exploit Saturday morning resulting in a loss of funds totaling $37.5 million, according to transaction details on Etherscan.

Two hours later Cream said its contracts were “functioning as normal” and markets had been enabled.

Alpha Finance then posted its own announcement, saying its Alpha Homora V2 product as the root cause. They confirmed that they’re working with DeFi guru Andre Cronje and Cream Finance to investigate the incident, and that the loophole had been fixed. They also said that they “have a prime suspect” in mind.

 Earlier, Cream Finance tweeted an update on the incident saying that asset borrowing from its recently launched Iron Bank lending feature had been suspended. That tweet has since been deleted.

This is the second attack on an Cronje-associated protocol in the last two weeks. Cronje’s Yearn Finance suffered an an exploit in one of its DAI lending pools, according to the decentralized finance (DeFi) protocol’s official Twitter account.  That exploit drained $11 million.

This story is developing and will be updated.



Tagged : / / / / / / / /

DeFi’s Yearn.Finance Protocol Suffers $2.8 Million Flash Loan Attack

Yearn.Finance DeFi (decentralized finance) protocol has announced that one of its DAI stablecoin lending pools has been exploited, leading to the loss of $2.8 million. suffers a flash loan attack

Banteg, one of the Yearn’s core developers, shared the incident on Twitter social media. He said:

“Yearn DAI v1 vault got exploited, the attacker got away with $2.8m, the vault lost $11m. Deposits into strategies disabled for v1 DAI, TUSD, USDC, USDT vaults while we investigate.”

Yearn.Finance Twitter official page also confirmed the incident: “We have noticed the v1 yDAI vault has suffered an exploit. The exploit has been mitigated. Full report to follow.”

The suspect is said to have used an Aave flash loan to trigger the vault draining, thus getting away with $2.8 million and the vault losing $11 million.

The founder of DeFi platform Aave, Stani Kulechov, talked about the transaction at the core of the exploit, involving multiple DeFi protocols and over $5,000 worth of Ethereum transaction fees. Kulechov said: “Complex exploit with over 160 nested transactions and 8,6 mm gas used (around 75% of the block) resulted to 2.7 mm USD loss.”

The vault attacked was Yearn’s v1 DAI vault, which updated to a new investment strategy in January. At the time of the attack, the vault’s strategy was to deposit all funds into the “3pool” on the AMM (automated market marker) Curve. Curve’s 3pool contains USDC, USDT, and DAI, allowing users to swap any of the stablecoins for another efficiently.

DeFi’s Challenges

Yearn.Finance is one of the leading protocols running on the Ethereum blockchain that allows users to optimize their earnings on cryptocurrencies through trading and lending services. Yearn.Finance capitalizes on a practice commonly identified as “yield farming” in which users lock up cryptocurrencies in the DeFi protocol so as to earn more crypto assets. However, such protocols have become a nightmare for some crypto users who have been robbed and conned of millions of dollars in valuable digital assets.

DeFi smart contracts are not infallible and there is always a risk that users may lose their funds if they use them. However, this does not mean the DeFi is inherently dangerous, but users should exert caution when leveraging its protocols.   

Image source: Shutterstock


Tagged : / / /

Origin Protocol begins accepting compensation claims following $7M exploit

Origin Protocol, a DeFi stablecoin project, will begin accepting claims from users who were affected by a $7 million exploit that occurred back in November 2020.

According to a blog post from Origin on Jan. 20, the project announced it will be making good on a December promise to compensate more than 700 victims of a $7 million flash loan attack on the protocol’s Origin Dollar (OUSD).

In addition, Origin users who lost more than 1,000 OUSD can make a second transaction “to claim and stake OGN,” the protocol’s governance token. Though users who stake OGN will have their funds locked for the next 365 days, they can reportedly expect to receive “interest in the form of additional OGN” at a rate of 25%.

Origin Protocol co-founder Josh Fraser told Cointelegraph that the project hopes “to build trust” among many of the platform’s users by offering this compensation. The Origin exec said he still expects OUSD will become a way for the “average person to participate in DeFi.”

As part of its efforts to prevent similar flash loan attacks, Origin stated it had overhauled “every aspect” of its engineering and product development process to focus on security. The blog post stated that the project had recently completed multiple audits of Origin’s smart contracts and planned to offer users optional insurance coverage for yield farming.

“We’re thoroughly reviewing and learning from other exploits in the industry and confirming that our code is not subject to the same vulnerabilities,” said the post. “Our top priority is to make OUSD the safest way to earn highly competitive yields from DeFi.”

At time of publication, the largest claim made has been for 38,796 OUSD, with the smallest from a user asking to be compensated for roughly 10 OUSD. Origin will accept claims for OUSD and OGN until 4:35 UTC on April 20.