- Phantom-based Polter Finance was forced to ‘pause’ operations.
- The decision was made after a recent attack wiped out the platform.
- Several analysts have weighed in on the cause of the attack.
Years later, vulnerability to exploits continues to be a barrier to DeFi adoption, with victims often having little hope of relief.
The victims of this incident are mainly Polter Finance, a Fantom-based lending protocol, and its users.
Polter Finance wiped out
Polter Finance, a phantom-based lending protocol, has ‘paused’ operations. The project revealed the move on Sunday, November 17, noting that it had suffered a huge blow, increasing the price of a TVL tank from about $9.7 million to about $60,000 at the time of this writing.
"The platform was paused soon after the exploit was identified. Bridges were notified. We identified wallets involved and traced it to Binance. We are still investigating the nature of the exploit. We are in the processing of contacting the Authorities," the project asserted in a sparse initial statement.
In a police statement released hours later, the project’s founder “whichghost” reported that more than SGD 16 million, worth about $12 million, was lost in the attack. They claimed that this total also included personal losses amounting to up to SGD 300,000, or approximately USD 224,000.
In addition to contacting Binance and authorities, the team engaged two cryptocurrency security agencies and attempted to initiate on-chain negotiations with the attackers. At the time of writing, there has been no response to Polter Finance’s initial outreach efforts.
Polter Finance’s downturn appears to have started with an ill-fated listing.
Boo
As detailed by multiple security firms following the attack, the Polter Finance exploit can be traced to a vulnerability in a smart contract added just the day before to allow lending of a token called BOO. This fact is acknowledged by the project. This is a postmortem published on Discord.
All accounts indicate that the attackers were able to exploit a pricing vulnerability in the smart contract to temporarily inflate the value of BOO, borrowing far more tokens than the actual value of the collateral. This is also known as a flash loan attack.
Polter Finance acknowledged that it had not conducted a third-party audit of the smart contracts used to add support for the BOO lending marketplace, adding that internal testing had not revealed any vulnerabilities.
The team’s failure to conduct a third-party audit of its smart contracts has understandably drawn significant criticism, with some claiming it suggests potential internal collaboration in the exploits.
After news of the attack broke, the price of Polter Finance’s native token, POLTER, fell by more than 85%, from approximately $0.1257 to $0.0188.
On the flipside
- If an attacker is willing to negotiate, this may increase the chances of a project’s recovery.
Why This Matters
The recent Polter Finance exploit is a reminder of why many external cryptocurrencies continue to view DeFi as the Wild West.
To learn more about DeFi attacks, read:
Radiant Capital hackers steal $52 million after attack
The Polish presidential candidate has promised to create a national Bitcoin reserve if elected.
Polish presidential hopeful vows to hold Bitcoin, a trend likely to be led by Trump