Polter Finance kicks off recovery efforts following $12m flash loan attack

DeFi lending platform Polter Finance is working to recover $12 million lost in a flash loan attack that exploited a faulty oracle on the new SpookySwap marketplace.

According to its latest update, Polter Finance is collaborating with the Security Alliance, a group of white hat hackers and security experts focused on combating cyber threats in crypto, to identify the attacker and speed up fund recovery.

Among other efforts, the DeFi protocol contacted the exploiter via an on-chain message, offering to forgo legal action and to negotiate a reward if the attacker returned the stolen funds.

Meanwhile, Polter Finance’s pseudonymous founder Whatghost filed a police report in Singapore, stating that the protocol suffered losses of more than S$16.1 million (about $11.98 million) in the attack.

Whatghost also reported personal losses in the incident exceeding $223,000.

According to Web3 security firm TenArmor, the incident was “another example of price oracle exploitation,” in which attackers manipulated data streams known as oracles that DeFi platforms use to determine asset prices.

In this case, the attacker took advantage of Polter Finance’s trust in the spot price of the BOO token on SpookySwap, as analyzed by blockchain security firm BlockSec Phalcon.

By using a flash loan to withdraw BOO token reserves from the WFTM-BOO liquidity pair, they artificially inflated the price of the token, allowing them to borrow much more than the actual value of the collateral.
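The effect of pricing collateral from pair reserves, next to a reference-price guard, as an added example (not Polter Finance's or SpookySwap's code). It assumes a constant-product pool with fees ignored; the reserves, price history, 5% threshold and all function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Pair:
    """Constant-product WFTM-BOO pool (x * y = k, fees ignored). Values are constructed."""
    wftm: float
    boo: float

    def spot_price(self) -> float:
        # WFTM per BOO, read from the reserves at this instant
        return self.wftm / self.boo

    def after_boo_removed(self, boo_out: float) -> "Pair":
        # Pool state once boo_out BOO has left the pair; k stays constant
        k = self.wftm * self.boo
        boo = self.boo - boo_out
        return Pair(wftm=k / boo, boo=boo)

def twap(samples):
    """Time-weighted average of (price, seconds_held) observations from earlier blocks."""
    return sum(p * dt for p, dt in samples) / sum(dt for _, dt in samples)

class OracleDeviation(Exception):
    """Spot price is too far from the reference to be used for valuation."""

def guarded_price(spot, reference, max_deviation=0.05):
    # Hypothetical guard: reject the read instead of valuing collateral at a skewed price
    if abs(spot - reference) / reference > max_deviation:
        raise OracleDeviation(f"spot {spot} vs reference {reference}")
    return min(spot, reference)  # value collateral at the lower of the two

def borrow_limit(collateral_boo, price, ltv=0.5):
    return collateral_boo * price * ltv

def demo():
    pool = Pair(wftm=1000.0, boo=1000.0)                # constructed reserves
    history = [(1.0, 1200), (1.25, 300), (0.75, 300)]   # constructed observations
    reference = twap(history)
    skewed = pool.after_boo_removed(900.0)              # reserves inside one transaction
    naive = borrow_limit(10.0, skewed.spot_price())     # spot-only valuation
    try:
        guarded = borrow_limit(10.0, guarded_price(skewed.spot_price(), reference))
    except OracleDeviation:
        guarded = 0.0                                   # borrow refused
    return reference, skewed.spot_price(), naive, guarded

if __name__ == "__main__":
    print(demo())
```

A reserve change made and reversed inside one transaction carries no time weight in the averaged reference, which is why the guard rejects the read while the spot-only valuation accepts it.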

At the time of writing, Polter has yet to release an official post-mortem report confirming the nature of the attack, but the protocol did trace the stolen funds to wallets on crypto exchange Binance.

The platform’s native token, POLTER, dropped over 85% following this exploit. Meanwhile, data from DefiLlama reveals that the total value locked in the protocol dropped from $9.77 million on November 16 to just $61,603 at the time of publication.

November was full of DeFi vulnerabilities, and this marks the third significant exploit this month. As reported by Crypto.news, the Aptos-based Thala protocol lost over $25 million in assets from its liquidity pools due to a vulnerability in its farming contracts. However, the project managed to recover almost all of the funds after the attacker accepted the $300,000 bounty.

Before this, on November 11, DeltaPrime, another lending protocol, lost $4.8 million worth of digital assets. Like Polter Finance, the protocol sent an on-chain message to the hacker to negotiate the return of all stolen assets.
