Polter Finance, a decentralized non-custodial crypto borrowing and lending platform, was hit with a massive hack, resulting in a $12 million loss of its native token $Polter. The platform has paused transactions and involved local authorities in the hack investigation.
$12 Million Down the Drain
According to Polter Finance, the exploiter breached the system on Sunday, stealing about $12 million, the total value locked (TVL) on its lending platform.
When it noticed the exploit, the hacked platform notified users and investors on X of the latest development. It then shut down its platform to begin investigations and secure the system from further compromise.
After tracking the incident, Polter’s security team revealed that one of the exploiters’ wallets was linked to the crypto exchange Binance.
While the affected platform has not identified the primary cause or the nature of the hack, online security firm TenArmorAlert has revealed that it is a case of price oracle exploitation.
🚨TenArmor Security Alert🚨
A lending project, PolterFinance (@polterfinance), on #Fantom (#FTM) has been compromised, leading to an estimated loss of $12M!
Another case of price oracle exploitation!
The price of SpookySwap BOO token in the lending pool relied on the spot… pic.twitter.com/7fF9ToeaJF
— TenArmorAlert (@TenArmorAlert) November 17, 2024
Polter Wants Negotiation
After identifying the wallet, Polter Finance sent an on-chain message to the hacker, asking that they negotiate a price for refunding the stolen crypto to its address.
“To the exploiter: We are willing to negotiate and will not pursue legal action if the funds are returned promptly. Please send the funds to ftm: 0x6cA04114752e70645093f815c9C5713ebB7b67Da. For further communication, please reply to this message,” the hacked platform stated.
While the hacker has not replied to Polter’s message, it has contacted Security Alliance, a non-profit blockchain security firm, to assist with investigating the exploit.
Polter Involves Police
Continuing its investigation, Polter Finance’s founder, identified as Whichghost, has filed a report with the Singapore Police Force concerning the incident.
The report noted that the platform founder owns only about $223k of the stolen funds, while the rest belongs to lenders who deposited on the platform and that the hack must have been from its newly deployed smart contract and not due to disclosure of private information.
Like Polter, other DeFi protocols have suffered security breaches. One is DeltaPrime, which lost about $4.5 million to an exploit last week.
Leave a Reply