ARTICLE AD BOX
TLDR
- Polter Finance lost $12M in a flash loan hack targeting their new SpookySwap market
- Platform operations were paused on Nov. 17 after exploit discovery
- Stolen funds were traced to Binance wallets
- Founder Whichghost filed police report in Singapore
- Platform attempting to negotiate with hacker through onchain messages
A flash loan attack hit decentralized lending platform Polter Finance on November 17, 2024, resulting in the loss of $12 million in crypto assets. The platform immediately suspended all operations after detecting the security breach.
The attack targeted Polter’s newly launched SpookySwap (BOO) market, which had a valuation of only $3,000 before the incident. Web3 security firm TenArmor confirmed that the exploit occurred due to problems with the oracle price system, allowing attackers to manipulate flash loans.
Polter Finance’s total market size before the attack consisted of $7.87 million in Fantom (FTM), $1.03 million in wrapped USD Coin (USDC), $251,000 in Magic Internet Money (MIM), and $2.1 million in Stader sFTMX. The entire amount was drained during the attack.
The platform’s founder, known by the pseudonym Whichghost, took immediate action by filing a police report with Singapore authorities. The police verified Whichghost’s identity through Singpass, Singapore’s digital identity system for citizens and residents.
The platform was paused soon after the exploit was identified.
Bridges were notified.
We identified wallets involved and traced it to Binance.
We are still investigating the nature of the exploit.
We are in the processing of contacting the Authorities.
— polterfinance💥 (@polterfinance) November 17, 2024
In the police report, Whichghost detailed personal losses of $223,219 and emphasized that no login details or private keys were compromised. The founder stated that the attack appeared to target the platform’s newly deployed smart contract for BOO token lending.
Following the hack, Polter Finance’s security team traced the stolen funds to several wallets on the Binance cryptocurrency exchange. This information could prove valuable for law enforcement efforts to track and potentially recover the stolen assets.
The platform attempted to open communication channels with the attacker through an onchain message. The message included an offer to negotiate and suggested possible immunity from prosecution. As of the latest updates, the hacker has not responded to these overtures.
We are formally reaching out on-chain to the exploiter regarding the $POLTER exploit. pic.twitter.com/XKrYlahaSx
— polterfinance💥 (@polterfinance) November 17, 2024
To strengthen their investigation efforts, Polter Finance announced a partnership with the Security Alliance Information Sharing and Analysis Center (SEAL-ISAC). This collaboration aims to leverage additional resources and expertise in tracking down the perpetrator.
Some members of the crypto community expressed skepticism about the incident on social media platform X (formerly Twitter). Several users suggested the possibility of insider involvement, questioning the timing and nature of the attack.
The skeptics pointed to the filing of a police report as a potential misdirection tactic to deflect from internal investigation. However, no evidence has emerged to support these claims of insider activity.
The exploitation of the BOO market highlighted vulnerabilities in newly launched features. The disparity between the market’s small valuation of $3,000 and the massive scale of the theft raised questions about the platform’s security measures for new products.
Platform users received notification of the hack through Polter Finance’s social media channels, particularly on X. The company maintained communication with its community throughout the initial stages of the incident.
The attack method using flash loans has become increasingly common in crypto security breaches. Flash loans allow users to borrow large amounts of cryptocurrency without collateral, provided they repay the loan within the same transaction block.
the following is the police report filed regarding @polterfinance exploit $POLTER pic.twitter.com/1PycJIrbZV
— whichghost 💥 | Polter Finance (@whichghost) November 17, 2024
Law enforcement’s involvement and the documentation of Whichghost’s identity through Singapore’s Singpass system added an official dimension to the investigation. This formal approach could assist in potential legal proceedings if the attacker is identified.
The platform’s total value locked (TVL) of $12 million was completely depleted in the attack, marking one of the larger crypto security breaches of late 2024. The incident affected multiple cryptocurrency assets across the platform’s lending markets.