The hack was perpetrated through a flash loan attack
Polter Finance, a decentralized platform specializing in lending and borrowing, has halted its operations following a significant hack that resulted in the loss of $12 million. The breach, confirmed on November 17, targeted the platform’s newly launched SpookySwap (BOO) market, which reportedly had a valuation of just $3,000.
The platform was paused soon after the exploit was identified.
Bridges were notified.
We identified wallets involved and traced it to Binance.
We are still investigating the nature of the exploit.
We are in the processing of contacting the Authorities.— polterfinance💥 (@polterfinance) November 17, 2024
According to Web3 security firm TenArmor, the exploit involved a flash loan attack linked to a faulty oracle price mechanism. The attacker drained Polter Finance’s total value locked (TVL), affecting multiple assets, including $7.87 million in Fantom (FTM), $1.03 million in wrapped USD Coin (USDC), and smaller amounts of other cryptocurrencies like Magic Internet Money (MIM).
Polter Finance alerted investors on X and began investigating the stolen funds, tracing them to wallets on Binance. The platform also reached out to the hacker through an on-chain message, offering a chance for negotiation and immunity if the funds were returned. As of now, there has been no response.
The platform’s pseudonymous founder, known as Whichghost, filed a police report in Singapore. In the report, the founder stated personal losses of $223,219 and confirmed that the attack exploited a newly deployed smart contract for BOO token lending. The incident is under investigation by local authorities, who verified Whichghost’s identity using Singpass, Singapore’s national digital ID system.
Despite Polter’s efforts to recover the funds, community members have raised questions about the incident, with some suggesting the possibility of insider involvement. Polter Finance has since announced a collaboration with the Security Alliance Information Sharing and Analysis Center (SEAL-ISAC) to enhance its efforts in tracking down the perpetrator.
