TL;DR
- Polter Finance halted operations following a hack that drained $12 million from its platform.
- The stolen funds were traced back to Binance, and the company is attempting to negotiate with the attacker.
- A police report has been filed in Singapore and the smart contract flaw is being investigated.
Polter Finance, a decentralized lending and borrowing platform, was forced to halt operations after suffering a flash loan attack that resulted in the loss of $12 million in digital assets.
The incident occurred on November 17, when attackers exploited a flaw in the recently launched SpookySwap (BOO) market price oracle.
The platform was paused soon after the exploit was identified.
Bridges were notified.
We identified wallets involved and traced it to Binance.
We are still investigating the nature of the exploit.
We are in the process of contacting the Authorities.
— polterfinance💥 (@polterfinance) November 17, 2024
The company, after identifying the vulnerability, paused its platform and notified investors via a statement on X, the social network formerly known as Twitter.
According to Web3 security firm TenArmor, the attack was facilitated by a faulty configuration of the smart contract that ran the BOO marketplace, which ironically was worth just $3,000.
Polter Finance tracked the stolen funds and managed to identify wallets linked to the Binance exchange. Through a message on the blockchain, the team offered to negotiate the return of the funds with the attacker and gave assurances that there would be no legal repercussions if certain conditions were met.
The founder of Polter Finance, known as Whichghost, filed a police report in Singapore to formalize the complaint. According to the document, in addition to the platform losses, Whichghost suffered a personal financial impact of $223,219. This action seeks to show transparency to the community and advance the investigation of the case.
Controversy in the community and future measures of Polter Finance
Polter Finance’s response has generated mixed opinions among users. While some appreciate the team’s efforts to trace the funds and notify authorities, others suspect possible insider activity, given the circumstances of the attack.
These doubts are fueled by the speed with which the police report was filed, which some see as a distraction.
In addition to collaborating with Singaporean authorities, Polter Finance announced a partnership with SEAL-ISAC, an organization dedicated to blockchain security, to track down the attacker and recover the funds. This type of cooperation could be key in solving similar cases in the future.
The BOO marketplace vulnerability highlights a recurring problem in the DeFi world: smart contract security. Despite audits and testing, coding errors can quickly be exploited, causing multi-million dollar losses. In this case, the affected assets included Fantom (FTM), USD Coin (USDC), Magic Internet Money (MIM), and Stader sFTMX, which were part of the total $12 million in value locked on the platform.
The Polter Finance case adds to a growing list of hacks in the crypto ecosystem, underscoring the need to strengthen security and establish stricter standards for emerging projects.
While negotiating with the attacker could potentially recover some of the funds, the incident raises important questions about trust in decentralized platforms and their preparedness against sophisticated attacks.