TLDR
- In a precise flash loan attack, hackers withdrew $12M from Polter’s fresh SpookySwap market, revealing weaknesses that were previously hidden.
- Following the exploit detection, all platform functions were put on hold on November 17.
- Tracked funds from the breach were found in Binance linked wallets.
- The founder, alias Whichghost, promptly submitted an official report to Singapore's police.
- Polter tries to reach out to the hacker using messages on the blockchain, hoping to negotiate.
On November 17, 2024, the decentralized lending platform Polter Finance suffered a flash loan assault, losing crypto worth $12 million. Operations were halted promptly after identifying the security compromise. Hackers targeted a newly established market on Polter, SpookySwap (BOO), which was evaluated at just $3,000 before the hack. Security firm Web3 identified an oracle price system flaw that attackers manipulated with flash loans.
Polter Finance's pre-hack market was valued at a total of $7.87 million in Fantom (FTM), $1.03 million in wrapped USD Coin (USDC), $251,000 in Magic Internet Money (MIM), and $2.1 million in Stader sFTMX; all these assets vanished after the attack.
Under the pseudonym Whichghost, Polter’s founder took swift steps by reporting the incident to Singapore’s police, who verified Whichghost's identity using Singpass, Singapore’s official digital identification system.
The platform's operations were quickly paused once the exploit was recognized.
Investigation revealed that the funds were moved to wallets affiliated with Binance.
Bridges were notified.
We are currently delving deeper to uncover the exploit's exact nature.
Proceedings to contact authorities are underway.
The police report lodged by Whichghost disclosed personal losses amounting to $223,219 and assured that login credentials or private keys weren't breached. It mentioned the attack aimed at the newly launched smart contract for lending the BOO token.— polterfinance💥 (@polterfinance) November 17, 2024
Post-attack, Polter's security traced the missing funds to various wallets on Binance, crucial for law enforcement in recovering the assets.
Efforts to engage the attacker were made through onchain communication, where a negotiation, possibly preventing prosecution, was suggested. However, there's been no feedback from the hacker as of the latest information.
We are officially initiating on-chain contact with the individual behind the exploit.
Polter Finance ramped up its investigation by collaborating with SEAL-ISAC, an alliance promising extra expertise and resources to corner the attacker. $POLTER exploit. pic.twitter.com/XKrYlahaSx
— polterfinance💥 (@polterfinance) November 17, 2024
Crypto enthusiasts expressed doubts over the event on platform X, previously known as Twitter, insinuating a potential internal collusion due to the suspicious timing and method.
Skeptics considered the police report filing as a diversion to distract from internal probes; nevertheless, no compelling proof of insider involvement has been provided.
The breach of the BOO market stressed security gaps in newly introduced functionalities. The stark contrast between the market’s modest $3,000 worth and the vast scale of the heist prompts scrutiny of the platform's protective protocols.
News of the hack was shared with Polter Finance’s users via their social channels, notably X, maintaining transparent communication during the initial phases.
The flash loan tactic has become a go-to method in crypto thefts, permitting borrowers to access vast crypto funds sans collateral, as long as the funds are repaid within the single transaction circle.
The proceeding details the following police report filing.
— whichghost 💥 Polter Finance (@whichghost) @polterfinance exploit $POLTER pic.twitter.com/1PycJIrbZV
Engaging law enforcement and confirming Whichghost’s identity through Singpass added a formal layer to the inquiry, potentially beneficial for legal cases should the hacker be caught. November 17, 2024
The complete depletion of the $12 million TVL during the breach marks a substantial security disaster in the latter part of 2024, adversely impacting several crypto assets across the platform’s financing sectors.
Blockonomi’s Editor-in-Chief and Kooc Media's founder, a UK-centered online media enterprise, champions open-source code, blockchain innovation, and an unrestricted, impartial internet.
