Acquittal of the accused brothers in the hacking of Platypus Finance.
Defense based on “ethical hacking” and locking fund error.
Charges dropped due to lack of evidence of fraud or unauthorized access.
Retrospective of the Platypus Finance hack
In February 2023, Platypus Finance, an Automated Market Maker protocol on Avalanche, was hacked for $8.5 million. The accused, identified as brothers Mohammed and Benamar M., were arrested one week after the hack, following information provided by crypto detective ZachXBT and Binance.
The French authorities charged 22-year-old Mohammed with multiple charges related to the attack, while his brother was accused of possession of stolen goods. Prosecutors requested a five-year prison sentence for Mohammed.
Twists in the case
However, the brothers were acquitted after Mohammed claimed to be an “ethical hacker“, acquiring the funds with the intention of returning them later to the protocol, hoping to receive a 10% reward of the total amount.
During the attack, Mohammed accidentally locked millions of dollars of stolen funds, only managing to recover approximately $270,000. Platypus was able to save $2.4 million in USDC through a counter-hack.
The judges ruled that since Mohammed accessed a publicly available smart contract, charges of unauthorized access to a computer system did not apply.
In addition, Mohammed’s use of Platypus’ “emergency withdrawal” smart contract, the very one that had the exploited vulnerability, was not considered fraud. As a result, the charges of money laundering and possession of stolen goods were also dropped. However, the judges reminded the brothers that Platypus could still pursue them in civil court, stating that the decision was not a “blank check”.