French Court Acquits Hackers Accused of Targeting Avalanche Stablecoin Project Platypus

A French court has acquitted the individuals accused of orchestrating the $8.5 million hack on Platypus Finance, an automated market maker (AMM) protocol on the Avalanche blockchain.

According to a report by Le Monde, the defendants, identified as Mohammed and Benamar M., were arrested shortly after the attack, thanks to the assistance of crypto investigator ZachXBT and Binance. 

The 22-year-old Mohammed faced charges related to the cyberattack, while his brother was accused of receiving stolen goods. Prosecutors had sought a five-year prison sentence for Mohammed.

During the trial, Mohammed claimed to be an “ethical hacker” who planned to return the stolen funds to the protocol, hoping to receive a 10% bonus. 

However, due to an error during the flash loan attack, he inadvertently locked away a significant portion of the stolen funds, managing to recover only around $270,000. 

In a counter-hack, Platypus was able to salvage $2.4 million in USDC.

Court Dismisses Charges of Unauthorized Access

The court ruled that since the smart contract used by Mohammed was publicly accessible, charges of unauthorized access to a computer system did not apply. Furthermore, the court deemed Mohammed’s use of Platypus’s “emergency withdrawal” smart contract, which had the vulnerability he exploited, as not constituting fraud.As a result, the charges related to money laundering and receiving stolen goods were also dropped. However, the court reminded the brothers that Platypus could still pursue legal action against them in civil court. The judges made it clear that the acquittal did not grant them unrestricted immunity.Back in October, Platypus Finance fell victim to a security breach resulting in the loss of over $2 million.The attack was executed through a flash loan attack, specifically targeting the AVAX-sAVAX liquidity pool.Flash loans are a feature in decentralized finance that enables users to borrow assets without providing collateral, as long as the loan is repaid within the same transaction block. Unfortunately, attackers have found ways to exploit this mechanism, manipulating market prices or exploiting vulnerabilities within DeFi protocols. By borrowing substantial sums, attackers can artificially create market conditions, taking advantage of the resulting discrepancies for profit before repaying the loan, all within a single transaction block.

Long Way Before Crypto is Safe

While crypto security is without a doubt a critical concern, the industry is still in its early stages when it comes to protecting digital assets.“With numerous hacks and exploits occurring, it’s evident that there’s a lot of work to be done to make the field safer,” Sipan Vardanyan, CEO and Co-Founder at crypto security firm Hexens, said in a recent interview with Cryptonews.So far this year, Web3 platforms have lost over $1.2 billion in hacks and rug pulls, according to a report from Web3 bug bounty platform Immunefi.The report revealed a total of 211 separate incidents contributing to this massive sum, with the month of August alone accounting for $23.4 million in losses.