Crypto Lender Polter Finance Shuts Down After Hack Drains Nearly All Funds
2024-11-20 10:28:09 Primitive Reading

 

From decrypt by Vismaya V

Decentralized lending platform Polter Finance suffered a devastating exploit on the Fantom blockchain, essentially wiping out most of its assets.

The breach, discovered early Sunday, involved the manipulation of the platform’s token pricing mechanisms, leaving its users in shock.

The attacker began by funneling funds through Tornado Cash, an Ethereum-based coin mixer that conceals the origin of funds. These assets were then bridged—transferred from Ethereum to the Fantom network—where the exploit was executed.

Once the breach was identified, Polter Finance took immediate action by pausing its platform to contain the damage and notified key bridge operators.

The pseudonymous founder of Polter Finance, known as “Whichghost,” filed a police report in Singapore following the breach. The hack resulted in losses exceeding 16.1 million SGD (approximately $12 million USD).

The newly deployed smart contract on the platform was exploited, causing unauthorized transactions to drain user assets, says the report. The founder also reported personal losses of $223,219.

While the police report claims total losses of around $12 million, other reports from web3 security firms suggest the actual amount stolen was closer to $7 million.

According to DeFi Llama data, Polter Finance’s TVL was approximately $9.7 million before the attack, indicating substantial losses.

In a statement on X (formerly Twitter), the team wrote, ““We identified wallets involved and traced it to Binance. We are still investigating the nature of the exploit. We are in the processing of contacting the Authorities.”

The platform also sent an on-chain message to the attacker, saying the team would be willing to negotiate without pursuing legal action if the stolen funds are returned.

Web3 security experts think the root cause of the exploit was linked to a price manipulation attack using oracles—external data feeds that platforms use to determine token prices.

Smart contract audit firm QuillAudits shared their findings with Decrypt which shows the vulnerability was tied with how Polter Finance calculated the value of the SpookySwap BOO token.

Disclaimer: This specification is preliminary and is subject to change at any time without notice. Amazon Finance assumes no responsibility for any errors contained herein.

Recommended reading
What is a crypto airdrop, and how does it work?

10-22     admin     11626 Reading

Binance clarifies 'rewards-bearing' BFUSD asset is not a stablecoin, hasn't launched

10-22     admin     9793 Reading

Coinbase CEO Backs DOGE Agency Led by Elon Musk as Dogecoin Surges

10-22     admin     15045 Reading

Bitcoin Hits New High of $89K as Spot ETFs Attracts Billions

10-22     admin     8995 Reading

User-friendly applications should attract newcomers to DeFi — AMA recap with Storm Trade

10-22     admin     11149 Reading

Bank of Korea signs agreement with regulators for CBDC, tokenized deposit trials

10-22     admin     11133 Reading

XRP Holders Still Trading as Though ETF Is Sure Thing, Say Analysts

10-22     admin     13166 Reading

Ethereum researchers unveil 'smart transactions' to make the World Computer a reality

10-22     admin     12502 Reading

Coinbase Acquires Utopia Labs Team to Expand Stablecoin Payments in Wallet

10-22     admin     7086 Reading

JP Morgan rebrands blockchain unit to Kinexys

10-22     admin     11098 Reading

Metaplanet Discloses $28 Million Gain on Bitcoin Holdings, Stock Slides

10-22     admin     9837 Reading

SEC approves Coincheck as first Japanese crypto exchange on Nasdaq

10-22     admin     12251 Reading

Robinhood Adds Solana, Cardano, XRP, and Pepe in Major Crypto Push

10-22     admin     19090 Reading

DWF Labs partners with UCLA for tokenized securities education

10-22     admin     8490 Reading

OpenEden's biz dev contractor was the founder of Braq — a community that's still wondering where its NFTs went

10-22     admin     12038 Reading