From Decrypt, by Vismaya V
Decentralized lending platform Polter Finance suffered a devastating exploit on the Fantom blockchain, essentially wiping out most of its assets.
The breach, discovered early Sunday, involved the manipulation of the platform’s token pricing mechanisms, leaving its users in shock.
The attacker began by funneling funds through Tornado Cash, an Ethereum-based coin mixer that conceals the origin of funds. These assets were then bridged—transferred from Ethereum to the Fantom network—where the exploit was executed.
Once the breach was identified, Polter Finance took immediate action by pausing its platform to contain the damage and notified key bridge operators.
The pseudonymous founder of Polter Finance, known as “Whichghost,” filed a police report in Singapore following the breach. The hack resulted in losses exceeding 16.1 million SGD (approximately $12 million USD).
According to the report, the newly deployed smart contract on the platform was exploited, allowing unauthorized transactions to drain user assets. The founder also reported personal losses of $223,219.
While the police report claims total losses of around $12 million, other reports from web3 security firms suggest the actual amount stolen was closer to $7 million.
According to DeFi Llama data, Polter Finance’s TVL was approximately $9.7 million before the attack, indicating substantial losses.
In a statement on X (formerly Twitter), the team wrote, “We identified wallets involved and traced it to Binance. We are still investigating the nature of the exploit. We are in the processing of contacting the Authorities.”
The platform also sent an on-chain message to the attacker, saying the team would be willing to negotiate without pursuing legal action if the stolen funds are returned.
Web3 security experts think the root cause of the exploit was linked to a price manipulation attack using oracles—external data feeds that platforms use to determine token prices.
Smart contract audit firm QuillAudits shared its findings with Decrypt, which show the vulnerability was tied to how Polter Finance calculated the value of the SpookySwap BOO token.