Polter Finance was attacked by a flashloan, causing a loss of $12 million, suspected to be related to an oracle error on SpookySwap.
Polter Finance, a decentralized lending platform, officially announced the suspension of operations on November 17 after a serious attack, causing a loss of around $12 million. This attack was carried out through a flash loan, targeting the smart contract recently deployed on the SpookySwap (BOO) market. According to the report, the stolen funds have been transferred through multiple wallets on the Binance exchange.
According to the Web3 security company TenArmor, the attack originated from an oracle error in the smart contract of the SpookySwap market. This vulnerability allowed the attacker to manipulate the asset value and withdraw a large amount of funds illegally. Notably, the BOO market had a TVL of only around $3,000 before the incident, while the loss amounted to $12 million, creating a significant disparity in scale.
Although Polter Finance has not yet disclosed the specific details of the attack, the platform has sent an on-chain message to the attacker, offering to negotiate and promising not to prosecute if the funds are returned. However, there has been no response from the attacker so far.
The anonymous founder of Polter Finance, known by the nickname Whichghost, filed a complaint with the Singapore police on the day of the incident. According to the complaint, the total loss amounted to over $16.1 million Singapore dollars (equivalent to $12 million), including Whichghost's personal loss of $223,219. The person claims not to have shared the private key and suspects that the newly deployed smart contract on the BOO token platform has been exploited.
The incident has shocked the DeFi community and raised many questions. On the X platform (formerly Twitter), some opinions suggest that this could be an inside job, and the police report is just a diversion strategy. To support the investigation, Polter Finance is collaborating with the Security Analytics and Information Sharing Center (SEAL-ISAC) to trace the attacker's footprints.
Before the incident, Polter Finance had a total market value of around $12 million, including assets such as Fantom, wrapped USD Coin (wUSDC), Magic Internet Money (MIM), and Stader sFTMX. This was one of the notable DeFi platforms in the Fantom ecosystem.
