Key Points
- Polter Finance is attempting to recover $12 million lost in a flash loan attack on its SpookySwap market.
- The DeFi protocol is working alongside the Security Alliance to identify the attacker and expedite fund recovery.
Polter Finance, a DeFi lending platform, is seeking to recover $12 million that was lost due to a flash loan attack. This attack exploited a faulty oracle on its new SpookySwap market.
Collaboration for Recovery
Polter Finance has teamed up with the Security Alliance, a group of white hat hackers and security experts dedicated to combating cyber threats in the crypto space. The aim is to identify the attacker and speed up the recovery of the funds.
The DeFi protocol has also reached out to the exploiter through an on-chain message. They offered to negotiate a bounty and not to take legal action if the stolen funds are returned.
Details of the Attack
The pseudonymous founder of Polter Finance, Whichghost, filed a police report in Singapore. It was stated in the report that the protocol lost over 16.1 million Singapore dollars (approximately $11.98 million) in the attack. Whichghost also reported personal losses exceeding $223,000 due to the incident.
According to TenArmor, a Web3 security firm, the incident was another case of price oracle exploitation. Attackers manipulate the data feeds, known as oracles, that DeFi platforms use to determine asset prices. In this case, the attacker exploited Polter Finance’s reliance on the spot price of the BOO token on SpookySwap. This was analyzed by blockchain security firm BlockSec Phalcon.
The attacker used a flash loan to drain BOO token reserves from the WFTM-BOO liquidity pair. They artificially inflated the token’s price, which allowed them to borrow far more than the collateral’s actual value.
Polter Finance has not yet issued an official post-mortem report confirming the nature of the attack. However, they have traced the stolen funds to wallets on the crypto exchange Binance.
The platform’s native token, POLTER, has fallen by over 85% following the exploit. Data from DefiLlama shows that the total value locked in the protocol has dropped from $9.77 million on Nov. 16 to just $61,603 at press time.
November has seen a number of DeFi vulnerabilities. This is the third significant exploit this month. Thala protocol, an Aptos-based project, lost over $25 million worth of assets from its liquidity pools due to a vulnerability in its farming contracts. However, almost all of the funds were recovered after the attacker agreed to a $300,000 bounty.
Earlier in the month, on Nov. 11, DeltaPrime, another lending and borrowing protocol, lost $4.8 million worth of digital assets. Similar to Polter Finance, the protocol sent an on-chain message to the hacker to negotiate the return of all stolen assets.