Platypus hacker walks free with $8.5M after claiming to be ‘ethical hacker’

Table of Contents

Two brothers, responsible for the theft of $8.5 million from decentralized finance (DeFi) protocol Platypus, were allowed to walk free with no repercussions by a French court. 

On Feb. 16, hackers managed to drain and move $8.5 million from Platypus through a flash loan attack, forcing the protocol to suspend trading services until a resolution was found. Initial investigations identified Mohammed M. as the culprit, who took advantage of a code error and withdrew all assets through an uncollateralized loan.

With the help of Binance’s security team and independent crypto investigators, the stolen funds were tracked, eventually leading to the hackers — Mohammed and his brother Benamar M.

While the duo were held indefinitely in custody from Feb. 24, on an Oct. 26 court hearing, the brothers claimed to be “ethical hackers” while admitting to stealing and siphoning the funds. The hackers also told the Paris judicial court about their intent to return the funds in exchange for 10% of the loot.

Considering the similarity to a bug bounty attempt, the brothers were cleared of all criminal charges. During the exploit, 7.8 million euros worth of crypto tokens became inaccessible after getting stuck in a wallet.

Related: Platypus Finance recovers 90% of assets lost in exploit

Amid legal proceedings related to the hack, Platypus recently suffered a loss of $2.2 million in another flash loan exploit.

Blockchain security firm CertiK’s investigation revealed that the Oct. 12 hack was carried out in three parts, with each attack draining $2.23 million, $575,000 and $450,000, respectively, in various cryptocurrencies.

On Oct. 17, Platypus managed to recover 90% of the stolen following an understanding with the hacker.

Magazine: This is your brain on crypto: Substance abuse grows among crypto traders