Platypus Hackers Cleared of Charges, Claim ‘Ethical Hacker’ Status
In a surprising turn of events, two brothers responsible for the theft of $8.5 million from the decentralised finance (DeFi) protocol Platypus have been allowed to walk free by a French court. The court’s decision has sparked controversy and discussions about ethical hacking and cybersecurity boundaries.
On February 16th, 2023, a significant hack shook the world of DeFi when hackers executed a flash loan attack, draining $8.5 million from the Platypus protocol. This malicious act forced Platypus to suspend its trading services, causing panic among its users and investors. Initial investigations quickly pointed to Mohammed M. as the mastermind behind the attack. He had exploited a code error to withdraw all the assets through an uncollateralised loan.
With the assistance of Binance‘s security team and independent cryptocurrency investigators, the stolen funds were successfully traced back to the culprits—Mohammed and his brother, Benamar M. These two individuals found themselves in custody, awaiting their fate as legal proceedings unfolded.
The Ethical Hacker Defense
In a twist that surprised everyone, the brothers presented an unconventional defence during an October 26th court hearing. They claimed to be “ethical hackers” who had undertaken this audacious act to return the stolen funds to the protocol. They aimed to negotiate a deal granting them 10% of the stolen loot, akin to a bug bounty attempt.
This unexpected assertion created a unique legal problem. Were these individuals truly ethical hackers acting in the best interests of Platypus, or were they trying to evade the consequences of their actions by using a cleverly crafted defence?
The Verdict and Its Implications
After careful deliberation, the French court cleared the brothers of all criminal charges. The court found that although Mohammed’s actions resulted in a substantial financial loss for Platypus, they did not constitute fraud. This was because he had accessed a publicly available smart contract; therefore, the charges related to unauthorised access to a computer system did not apply.
Furthermore, the court determined that Mohammed’s use of Platypus’s “emergency withdrawal” smart contract, which had the vulnerability he exploited, did not constitute fraud either. These findings also dropped charges related to money laundering and receiving stolen goods.
While the court’s verdict may have absolved the brothers of criminal liability, they were not entirely off the hook. The judges reminded them that Platypus still had the option to pursue them in civil court, indicating that the decision was not a carte blanche for further misdeeds.
Aftermath and Ongoing Challenges
The aftermath of this case has left the cryptocurrency community divided. Some view it as a victory for ethical hackers who may have uncovered vulnerabilities for the greater good of DeFi protocols. Others, however, are concerned that this verdict could set a dangerous precedent, encouraging hackers to adopt the “ethical hackers” guise to evade legal consequences.
In a cruel twist, Platypus recently suffered another blow, losing $2.2 million in a separate flash loan exploit. This incident highlights DeFi platforms’ ongoing challenges in securing their protocols against malicious actors.
Conclusion
The case of the Platypus hackers has ignited a heated debate about the boundaries between ethical hacking and criminal activity in the cryptocurrency world. While the French court’s decision has cleared the brothers of criminal charges, it has also raised important questions about the future of cybersecurity and the accountability of those who exploit vulnerabilities in DeFi protocols. As the crypto space continues to evolve, it is clear that these ethical dilemmas will persist, challenging the industry to find a balance between security and innovation.