Polter Finance initiates recovery measures after experiencing $12m flash loan attack

DeFi lending platform Polter Finance is working to recover $12 million lost in a flash loan attack exploiting a faulty oracle on its new SpookySwap market.
According to its latest update, Polter Finance iscollaboratingwith theSecurity Alliance, a group of white hat hackers and security experts focused on combating cyber threats in crypto, to identify the attacker and expedite fund recovery.
Among other efforts, the DeFi protocol hascontactedthe exploiter via an on-chain message and offered to negotiate a bounty and not pursue legal action if the attacker returns the stolen funds.
Meanwhile, Polter Finance’s pseudonymous founder, Whichghost,fileda police report inSingapore, stating that the protocol lost over 16.1 million Singapore dollars (approximately $11.98 million) in the attack.
Whichghost also reported personal losses exceeding $223,000 in the incident.
According to Web3 security firmTenArmor, the incident was “another case of price oracle exploitation,” where attackers manipulate the data feeds—known asoracles—that DeFi platforms use to determine asset prices.
In this case, the attacker exploited Polter Finance’s reliance on the spot price of the BOO token on SpookySwap, asanalyzedby blockchain security firm BlockSec Phalcon.

You might also like:Thala protocol resumes operations after $25.5m exploit.cn-block-related-link
Using aflash loanto drain BOO token reserves from the WFTM-BOO liquidity pair, they artificially inflated the token’s price, enabling them to borrow far more than the collateral’s actual value.
When writing, Polter has yet to issue an official post-mortem report confirming the nature of the attack, but the protocol hastracedthe stolen funds to wallets on the crypto exchange Binance.
POLTER, the platform’s native token, has plummeted by over 85% following the exploit. Meanwhile,datafrom DefiLlama reveals the total value locked in the protocol has plunged from $9.77 million on Nov. 16 to just $61,603 at press time.
November has been rife with DeFi vulnerabilities, and this marks the third significant exploit this month. Asreportedby crypto.news, Aptos-based Thala protocol lost over $25 million worth of assets from its liquidity pools due to vulnerability in its farming contracts. However, the project managed to recover almost all of the funds after the attacker agreed to a $300,000 bounty.
Prior to that, on Nov. 11, DeltaPrime, another lending and borrowing protocol, lost $4.8 million worth of digital assets. Like Polter Finance, the protocolsentan on-chain message to the hacker to negotiate the return of all stolen assets.

Read more:Tapioca Foundation offers $1m bounty to attacker after $4.7m exploit.cn-block-related-link