Polter Finance Recovers Partially from $12 Million Flash Loan Attack

DeFi lending platform Polter Finance is working to recover the $12 million it lost in a flash loan attack that exploited a faulty oracle on its new SpookySwap market. The protocol has collaborated with the Security Alliance, a group of white hat hackers and security experts focused on combating cyber threats in crypto, to identify the attacker and expedite fund recovery.

Attack Details and Aftermath

According to its latest update, Polter Finance has contacted the exploiter via an on-chain message and offered to negotiate a bounty and not pursue legal action if the attacker returns the stolen funds. The pseudonymous founder of Polter Finance, Whichghost, has filed a police report in Singapore, stating that the protocol lost over 16.1 million Singapore dollars (approximately $11.98 million) in the attack, and has reported personal losses exceeding $223,000 in losses.

The Exploitation of Price Oracles

The incident was another case of price oracle exploitation, where attackers manipulate the data feedsβ€”known as oraclesβ€”that DeFi platforms use to determine asset prices. In this case, the attacker exploited Polter Finance’s reliance on the spot price of the BOO token on SpookySwap, as analyzed by blockchain security firm BlockSec Phalcon.

Using a flash loan to drain BOO token reserves from the WFTM-BOO liquidity pair, the attacker artificially inflated the token’s price, enabling them to borrow far more than the collateral’s actual value. The stolen funds have been traced to wallets on the crypto exchange Binance.

Consequences and Market Impact

POLTER, the platform’s native token, has plummeted by over 85% following the exploit. The total value locked in the protocol has plunged from $9.77 million on November 16 to just $61,603 at press time. November has been rife with DeFi vulnerabilities, with this marking the third significant exploit this month.

DeFi Vulnerabilities: A Growing Concern

Other notable DeFi vulnerabilities this month include the Aptos-based Thala protocol, which lost over $25 million worth of assets from its liquidity pools due to vulnerability in its farming contracts. The project managed to recover almost all of the funds after the attacker agreed to a $300,000 bounty. DeltaPrime, another lending and borrowing protocol, lost $4.8 million worth of digital assets on November 11, and the protocol sent an on-chain message to the hacker to negotiate the return of all stolen assets.

As the DeFi space continues to evolve, it is crucial for protocols to prioritize security and implement robust measures to prevent similar attacks in the future. Readers can stay up-to-date with the latest news and developments in the crypto space by exploring Global Crypto News.

Post Views: 2