Main navigation

Two Avalanche (AVAX) DeFis Hacked in One Day

Advertisement
Fri, 17/02/2023 - 15:14
Two Avalanche (AVAX) DeFis Hacked in One Day
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Advertisement

Today, Feb. 17, 2023, two decentralized finance (DeFi) protocols on Avalanche (AVAX) blockchain were attacked by malefactors. It looks like on-chain researchers managed to find at least one hacker.

One day, two attacks

At around 11:05 a.m. UTC, cryptocurrency security firm PeckShield posted an alert about a possible DeFi hack. Dexible, a multi-blockchain algorithmic trading DeFi protocol that has versions on Ethereum (ETH), Avalanche (AVAX), Poly Network (POLY), BNB Chain (BSC) and so on, lost over $1.5 million due to vulnerability in its codebase.

The vulnerability was found in a swap router contract. The attacker immediately started laundering funds through Tornado Cash (TORN) mixer. Per the first post-mortem released a few minutes ago, the actual size of losses is yet to be calculated:

Advertisement

This allowed the hacker to steal funds from any wallet that had an unspent spend approval on the contract.

Right now, the team is working on a recovery plan. All contracts are paused. Yesterday, the team invited all users to migrate to a new version of smart contract.

Also, Platypus, an Avalanche-based decentralized stablecoin protocol, suffered from an $8.5 million attack. Malefactors managed to organize a flash loan attack; the USP stablecoin of the project dropped below $0.5.  In a collaboration with Tether Limited, the team managed to freeze the funds on the attacker's USDT account.

ZachXBT comes to the rescue: Platypus attacker might be found

Right now, the team is in talks with Binance and Circle to lock the rest of the attackers' loot.

Seasoned cryptocurrency researcher ZachXBT assists the team of DeFi in recovering the funds. He claimed that he discovered the Twitter account of the attacker. The attacker might be using domain retlqw.eth ENS.

Following this statement, retlqw.eth deactivated both its Twitter and Instagram accounts. However, ZachXBT managed to offer him a bug bounty on behalf of the Platypus team.

Related articles

Advertisement
TopCryptoNewsinYourMailbox
TopCryptoNewsinYourMailbox
Advertisement
Advertisement

Recommended articles

Latest Press Releases

Our social media
There's a lot to see there, too

Popular articles

Advertisement
AD