According to CertiK's monitoring, a flash loan attack occurred on the Platypus USD stablecoin project on Avalanche, resulting in a total asset loss of about 9 million US dollars. Most of the stolen funds remained in the attacker’s contract address, with some being sent to the EOA and AAVE pools. The vulnerability appears to be in the emergencyWithdraw function's validation of the MasterPlatypusV4 contract, which only fails if the borrowed asset exceeds the borrow limit. The function then proceeds to process all user deposit asset transfers regardless of the value of the asset borrowed by the user. The official Platypus Telegram channel stated that USP was attacked by flash loans and is currently working hard to assess the situation, and all activities have been suspended.