Crypto Lending Protocol Polter Finance Suffers $12M Exploit, Suspends Operations
Key takeaways
- Decentralized crypto lending protocol Polter Finance suffered an exploitation that drained $12 million from its total value locked (TVL).
- The flash loan hack which affected the platform's newly launched SpookySwap (BOO) market was traced to Binance wallets.
- Polter Finance halted its operations following the exploit and has offered impunity to hackers to recover the funds.
Polter Finance Records $12 Million ExploitCrypto lending platform Polter Finance has witnessed a flash loan hack that reportedly drained about $12 million of its total value locked (TVL). In an X post, Polter Finance confirmed the hack and its move to suspend operations.
The crypto lender noted that it has notified all the affiliate bridges to its platform. It has also started investigating the nature of the hack and related Binance wallet addresses connected to the fund transfers.
In a separate report, a Web3 security company, TenArmor, revealed some details regarding the exploit on Polter Finance. According to the security firm, the incident is an oracle price-related exploitation which affected Polter Finance's newly launched SpookySwap (BOO) market.
Notably, the exploiter used a flash loan to manipulate the price of the SpookySwap BOO token.
TenArmor reported: The price of SpookySwap BOO token in the leading pool relied on the spot price from spookySwap v3 pool and v2 pair - Calculated as the token balance ratio in the pool. This mechanism was easily manipulated by the attacker using a flash loan."
The BOO market, which facilitated the $12 million exploit, had just $3,000 in valuation.
Polter Finance's Fund Recovery ApproachPolter Finance has initiated some investigative and recovery moves after the exploit. In another X post, the decentralized non-custodial lending and borrowing protocol outlined its plans to contact the hacker through on-chain messages.
The protocol promised to offer impunity to the exploiter to encourage the return of the stolen funds and further negotiation.
Additionally, Whichghost, the pseudonymous founder of the lending platform, took to X to disclose the firm's investigatory steps. The founder mentioned that the protocol filed a police report with Singapore authorities on the same day the attack happened.
The police report highlighted Whichghost's identity as Singpass, a digital identity for confirmed citizens and residents of Singapore. The report also indicated that Polter Finance lost crypto assets worth over 16.1 million Singapore dollars ($11.98 million).
Whichghost revealed that the hacked amount included $223,219 in personal losses even though he didn't release his login details (private keys) to anyone.
Regarding the BOO token exploit, Whichghost believes the market's smart contract suffered a compromise that facilitated the unauthorized fund transfers.
Meanwhile, many crypto community members have remained skeptical of Polter Finance's efforts after the hack. Some believe an insider possibly masterminded the attack. On the other hand, critics described the filed police report as a distraction from the project's internal security.
To disperse skepticism, Polter Finance revealed the collaboration with the Security Alliance Information Sharing and Analysis Center (SEAL-ISAC) to facilitate the investigation.
The post Crypto Lending Protocol Polter Finance Suffers $12M Exploit, Suspends Operations appeared first on Techreport.