Platypus Finance Hackers Cleared of All Charges on ‘Ethical Hacker’ Defense


The individuals accused of orchestrating the $8.5 million hack of Platypus Finance, an Automated Market Maker (AMM) protocol on Avalanche in February 2023, have been cleared of criminal charges by a French court, according to Le Monde.

The defendants, identified as Mohammed and his brother Benamar M., were arrested approximately one week after attacking the platform.

Defendants Assert ‘Ethical Hacker’ Defense

Following the February hack of Platypus Finance, the efforts of crypto investigator ZachXBT and assistance from Binance helped French authorities identify the brothers. Subsequently, the 22-year-old Mohammed faced multiple charges related to the attack, as reported by Le Monde. His brother, Benamar M., was charged with receiving stolen goods.

Prosecutors initially sought a five-year prison sentence for Mohammed in connection with the criminal charges. However, the defendants were ultimately acquitted after Mohammed presented the defense that he identified as an “ethical hacker.” According to the argument, Mohammed hoped to receive a bonus of 10% of the total sum as part of his efforts to rectify the situation.

During the flash loan attack, Mohammed made a critical error that resulted in millions of dollars of stolen funds being inadvertently locked away, with only around $270,000 recovered. In response, Platypus Finance executed a counter-hack, reclaiming $2.4 million in USDC.

The tribunal judges ruled that since Mohammed accessed a publicly available smart contract, charges related to unauthorized access to a computer system were not applicable. Additionally, the court determined that Mohammed’s use of Platypus’s “emergency withdrawal” smart contract, which contained the vulnerability he exploited, did not constitute fraud.

Given the dismissal of fraud charges, the tribunal also dropped charges related to money laundering and receiving stolen goods. However, the judges reminded the brothers that Platypus Finance could still pursue civil action against them. While the criminal charges did not hold up, the court emphasized that this decision was not a blanket approval of their actions.

Flash Loan Attacks Persist

Platypus Finance faced another attack in October, resulting in a loss of over $2 million. The blockchain security firm PeckShield quickly informed the community about the hack on October 12, prompting the platform to suspend all pools temporarily. On-chain data showed that the attackers specifically focused on the AVAX-sAVAX liquidity pool.

The hacks on the protocol are not isolated events, as other platforms have faced similar flash loan attacks in recent months. Some of these are KyberSwap in November, BNB Chain in October, Sturdy Finance in June, and Euler Finance in March, further highlighting the ongoing challenges and vulnerabilities DeFi platforms face in maintaining their protocols’ security.

SPECIAL OFFER (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).

Leave a Comment