[]
BTC$84,9104.08%ETH$1,942.723.61%USDT$1.000.01%XRP$2.393.60%BNB$591.012.24%SOL$133.457.36%USDC$1.00-0.01%ADA$0.744.36%DOGE$0.174.56%TRX$0.22-0.85%STETH$1,938.083.21%WBTC$84,5923.84%PI$1.54-5.60%LINK$14.6111.77%LEO$9.820.92%XLM$0.280.53%HBAR$0.203.11%WSTETH$2,322.283.02%USDS$1.00-0.02%AVAX$19.214.18%SHIB$0.000012796.00%SUI$2.334.64%TON$2.884.61%LTC$92.374.09%BCH$334.500.97%DOT$4.205.80%OM$6.30-2.07%USDE$1.00-0.05%WETH$1,941.643.42%BGB$4.466.56%BSC-USD$1.000.35%HYPE$14.1313.62%WBT$28.520.20%WEETH$2,059.823.08%XMR$207.950.55%UNI$6.072.90%SUSDS$1.040.02%NEAR$2.705.30%APT$5.315.04%DAI$1.000.00%PEPE$0.000007255.52%ONDO$0.895.91%OKB$46.4211.69%ETC$18.453.60%ICP$5.683.81%AAVE$174.522.53%GT$21.334.49%CBBTC$84,8483.97%MNT$0.740.03%TRUMP$12.1414.10%CRO$0.083.46%TKX$27.763.83%TAO$251.781.74%VET$0.024.79%FDUSD$1.000.07%KAS$0.088.50%TIA$3.704.22%ENA$0.363.32%POL$0.222.45%FIL$2.915.57%ATOM$4.155.81%ALGO$0.206.16%FTN$4.020.85%S$0.5310.90%LBTC$84,6253.82%RENDER$3.167.26%ARB$0.366.24%IP$6.063.88%USDT$1.000.26%JUP$0.536.29%OP$0.895.41%KCS$11.120.93%FET$0.525.95%SOLVBTC$84,3743.81%WETH$1,935.213.71%MOVE$0.472.90%QNT$77.212.17%RSETH$2,012.183.34%NEXO$1.103.39%XDC$0.072.86%BUIDL$1.000.00%MKR$1,178.433.24%STX$0.666.59%DEXE$17.360.52%USD0$1.000.04%INJ$10.119.68%WLD$0.885.96%RETH$2,178.193.32%IMX$0.543.27%BNSOL$138.647.27%SEI$0.208.90%GRT$0.107.18%FLR$0.010.14%THETA$0.914.48%BONK$0.000011186.83%USDT$1.000.38%LDO$0.956.44%SOLVBTC.BBN$83,4442.43%EOS$0.512.67%METH$2,057.093.13%

Advertisement

Polter Finance’s Entire $12M TVL Wiped Out in Exploit

The attacker used flash loans to manipulate token prices and drain the protocol.
By: Joel Lim • November 19, 2024
Polter Finance’s Entire $12M TVL Wiped Out in Exploit

Polter Finance, a permissionless lending and borrowing platform on the Fantom blockchain, was exploited in an attack that wiped out the platform’s entire total value locked of $12 million.

Polter Finance informed its users of the attack in a Nov. 17 X post. The wallets involved have been identified and traced to Binance.

Polter contacted the attacker via an onchain message to negotiate terms for returning the stolen funds. The hacker has not responded at the time of writing.

Polter’s Next Steps

The attack on Polter Finance is only the latest in a growing list of security breaches in DeFi and crypto. According to a report from Certik, a leading blockchain and smart contract auditor, the amount lost to security exploits in crypto exceeds $2 billion in 2024 alone. Code vulnerabilities accounted for $39.6 million in losses over 44 incidents.

Polter’s pseudonymous founder, “Whichghost,” filed a police report in Singapore following the breach. The report claims that newly deployed smart contracts used for BOO token lending were exploited, leading to unauthorized transactions that drained user funds.

“I wish to state that I did not provide anyone my login details (private keys), and I believed that my platform’s newly deployed smart contract (for BOO token lending) has been exploited, hence causing the unauthorized transactions,” Whichghost said in the police report.

Although the police report claims the amount stolen from the Polter Finance hack is around $12 million, reports from other web3 security firms suggest the stolen amount was closer to $7 million. DefiLlama data indicates that Polter’s TVL was around $9.7 million before the hack. That value has now dropped to $60,535.

Inside The Exploit

Experts say the hacker likely used a price manipulation attack by exploiting Polter’s reliance on oracles, which determine token prices. Oracles are external services that provide real-world data to blockchain platforms, such as token values and are widely used across DeFi.

In this case, the attacker reportedly used a flash loan, a type of short-term, uncollateralized loan repaid within a single blockchain transaction. The flash loan was employed to artificially inflate the value of the BOO token on Polter’s platform. This allowed the hacker to deposit a small amount of BOO tokens and withdraw a significantly larger amount of other tokens, effectively draining the platform.

Polter Finance has announced it’s collaborating with the Security Alliance Information Sharing and Analysis Center (SEAL-ISAC) to trace the attacker and recover the stolen assets.

Speculation of Insider Activity

To be sure, some community members on X speculated that the incident could involve insider activity, though no evidence has been presented to support this claim. Skeptics point to the timing of the smart contract deployment and the nature of the exploit as potential red flags. However, no conclusive information has emerged to substantiate these allegations.

Polter Finance has not yet announced a timeline for resuming operations, but the team remains focused on working with SEAL-ISAC and law enforcement to recover the stolen funds.


Polter Finance

Related Posts

image depicting a DeFi exploit

Prisma Finance Suffers $12 Million Exploit

March 28, 2024
image depicting a DeFi hack

DeFi Protocol Hedgey Finance Suffers $44M Hack

April 19, 2024
a halted blockchain

Linea Halts Network after Velocore Exploit

June 03, 2024

Advertisement

Get an edge in Crypto with our free daily newsletter

Know what matters in Crypto and Web3 with The Defiant Daily newsletter, Mon to Fri

90k+ Defiers informed every day. Unsubscribe anytime.