A French court cleared two brothers of criminal charges stemming from February’s $8.5 million Platypus Finance hack.
Mohammed M., 22, orchestrated the complex flash loan attack. He exploited a smart contract vulnerability to drain funds from the Avalanche-based automated market maker (AMM) project. However, French judges ultimately rejected prosecutors’ demands for multi-year prison sentences.
According to Le Monde, investigators leaned heavily on cryptography pioneers like ZachXBT to track the stolen crypto back to the perpetrators just one week after Platypus was breached.
Also read: U.S. Judge Threatens SEC For False Arguments In Debt Box Case
French court acquits Platypus hackers
The court ruled Mohammed’s unauthorized yet publicly accessible use of smart contracts did not constitute illegal computer system intrusion under criminal statutes. Furthermore, utilizing Platypus’s flawed emergency withdrawal mechanism to siphon tokens failed to pass legal tests for fraud in the judges’ view.
Oddly, Mohammed claimed he always intended to return the funds as an “ethical hacker.” He was hoping to collect a 10% white-hat bounty. However, his fumbling of decryption keys permanently locked most of the stolen loot. Platypus did launch its own counter-hack to regain some stolen USD Coin (USDC) still deposited in AMM liquidity pools.
Also read: When Will Shiba Inu (SHIB) Delete a Zero From Its Price?
The prosecution’s failure serves as a showcase for DeFi criminal enforcement’s emerging jurisdiction. Although defrauded protocols can still file a lawsuit for damages in a civil court, given the novelty and worldwide reach of decentralized networks, more clarification is needed under criminal regulations.