French police arrest 2 people in connection to Platypus attack

cointelegraph.com:

Two suspects have been arrested by the French police in connection with Platypus' $9.1 million exploit, and 210,000 euros worth of cryptocurrency has been seized, according to the local authorities. 

Investigations leading to the arrests were supported by on-chain sleuth ZachXBT and crypto exchange Binance, said Platypus. The decentralized protocol was compromised in three separate flash loan attacks carried out by the same exploiter on Feb. 16.

[#Cybercriminalité]La #PoliceNationale met fin à une escroquerie d'ampleur pour un préjudice de 9,5 millionssur une société américaine d’échange de cryptomonnaies.Interpellation et convocation en justice de 2 individussaisie de 210 000 € en cryptomonnaies#PoliceJudiciaire pic.twitter.com/rKKuG95cWh

The attacks resulted in the theft of several stablecoins and other digital assets. The first attack resulted in the theft of approximately $8.5 million in assets. Approximately 380,000 assets were mistakenly sent to the Aave v3 contract in the second incident. As a result of the third attack, roughly $287,000 was stolen. The attack resulted in the depegged of the Platypus USD (USP) stablecoin from the United States dollar. 

Perpetrators used a flash loan method to explore a logic error in the USP solvency check mechanism within the collateral-holding, Platypus recently confirmed. The stable swap operations have not been affected.

A flash attack is the same method used by Mango Market's exploiter Avi Eisenberg, who claimed responsibility for manipulating the price of the MNGO coin in October 2022. After the exploit, Eisenberg said that “all of our actions were legal open market actions, using the protocol as designed.” Eisenberg was arrested in Puerto Rico on fraud charges on Dec. 28.

Platypu