In a surprising turn of events, a French court has allowed two brothers, Mohammed M. and Benamar M., to walk free despite their involvement in an $8.5 million theft from the decentralized finance (DeFi) protocol Platypus. The brothers' defense that they were acting as 'ethical hackers' swayed the court's decision, leaving Platypus to grapple with the financial aftermath.
The Flash Loan Attack on Platypus
The incident, which unfolded on February 16, involved the exploitation of a code error in Platypus’s system. The hackers utilized a flash loan attack, a method that involves borrowing large amounts of cryptocurrency and manipulating the market to profit, to drain $8.5 million from the protocol. This maneuver forced Platypus to suspend its trading services temporarily.
Investigation and Tracing of Stolen Funds
Following the attack, Binance’s security team, along with independent crypto investigators, traced the stolen funds, leading to the identification of Mohammed and Benamar M. as the perpetrators. The brothers were taken into custody on February 24, awaiting trial.
Court Hearing and Defense as Ethical Hackers
During the court hearing on October 26, the brothers admitted to stealing and funneling the funds but claimed to be 'ethical hackers.' They proposed returning the funds in exchange for 10% of the total amount stolen, likening their actions to a bug bounty attempt. Remarkably, the court accepted this defense and cleared them of all criminal charges.
Complications and Inaccessible Funds
Despite the court's decision, the situation remains complex. A significant portion of the stolen funds, amounting to 7.8 million euros in cryptocurrency, became trapped in a wallet, rendering them inaccessible.
Further Challenges for Platypus
The legal outcome comes amid continued challenges for Platypus. The DeFi protocol recently suffered another significant loss in a separate flash loan exploit, resulting in a combined loss of around $2.2 million in three separate attacks.
Conclusion: A Precedent in DeFi Legal Cases
The case sets a unique precedent in the world of DeFi and cryptocurrency. It raises questions about the ethical implications of hacking and the legal boundaries within the rapidly evolving DeFi sector. For Platypus, the recovery from these financial setbacks remains an ongoing challenge, highlighting the vulnerabilities and legal ambiguities in the world of decentralized finance.