Platypus exploiters walk free after claiming to be ‘ethical hackers’


A French court has allowed two brothers responsible for the theft of $8.5 million from decentralized finance (DeFi) protocol Platypus to walk free with no repercussions.

On Feb. 16, hackers managed to drain and move $8.5 million from Platypus through a flash loan attack, forcing the protocol to suspend trading services until a resolution was found. Initial investigations identified the culprit as Mohammed M., who took advantage of a code error and withdrew all assets through an uncollateralized loan.

With the help of Binance’s security team and independent crypto investigators, the stolen funds were tracked, eventually leading to the hackers: Mohammed and his brother Benamar M.

The brothers had been held in custody since Feb. 24, and they admitted to stealing and siphoning the funds in an Oct. 26 court hearing — but claimed to be “ethical hackers.” They also told the Paris judicial court they had intended to return the funds in exchange for 10% of the loot.

Considering its similarity to a bug bounty attempt, the court cleared the brothers of all criminal charges. During the exploit, 7.8 million euros worth of crypto tokens became inaccessible after getting stuck in a wallet.

Related: Platypus Finance recovers 90% of assets lost in exploit

Amid the legal proceedings related to the hack, Platypus recently suffered a $2.2 million loss in another flash loan exploit.

Blockchain security firm CertiK’s investigation revealed that the Oct. 12 hack was carried out in three parts, with each attack draining $2.23 million, $575,000 and $450,000, respectively, in various cryptocurrencies.

On Oct. 17, Platypus managed to recover 90% of the stolen following an agreement with the hacker. 

Magazine: This is your brain on crypto: Substance abuse grows among crypto traders