DeFi lending platform Polter Finance is actively working to recover $12 million lost in a flash loan attack that exploited a vulnerability in its new SpookySwap market.
In its latest announcement, Polter Finance is teaming up with a coalition of cybersecurity experts dedicated to addressing crypto-related threats to identify the attacker and expedite the recovery of the stolen funds.
As part of its recovery strategy, the DeFi protocol has reached out to the exploiter through an on-chain message, offering to negotiate a bounty as an alternative to pursuing legal action if the stolen funds are returned.
The pseudonymous founder of Polter Finance reported the incident to law enforcement in Singapore, revealing that the protocol suffered a loss exceeding 16.1 million Singapore dollars (approximately $11.98 million) due to the attack.
The founder also disclosed personal losses amounting to over $223,000 from the incident.
According to cybersecurity experts, this incident is yet another demonstration of price oracle exploitation, a tactic where attackers manipulate data feeds that DeFi platforms rely on to set asset prices.
According to an analysis by a blockchain security firm, the attacker specifically exploited Polter Finance’s dependence on the actual price of the BOO token on SpookySwap.
Utilizing a flash loan, the attacker drained BOO token reserves from the WFTM-BOO liquidity pair by artificially inflating the token’s price, allowing them to borrow significantly more than what the collateral was worth.
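The following is an added illustration, not code from Polter Finance or from the analysis cited above: a simplified constant-product pool showing why a lending market that prices collateral from a pair's current reserves over-lends after one large trade, and how a deviation check against earlier price samples refuses the reading. The reserve figures, the names `Pair`, `guarded_price` and `borrow_limit`, the 10% bound, the 50% loan-to-value ratio and the choice of a time-averaged reference are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Pair:
    """Constant-product pool (wftm * boo = k); swap fees ignored for clarity."""
    wftm: float
    boo: float

    def spot_price(self) -> float:
        """BOO price in WFTM, read directly from the current reserves."""
        return self.wftm / self.boo

    def buy_boo(self, wftm_in: float) -> float:
        """Swap WFTM for BOO while keeping wftm * boo constant."""
        k = self.wftm * self.boo
        self.wftm += wftm_in
        boo_out = self.boo - k / self.wftm
        self.boo -= boo_out
        return boo_out

def guarded_price(pair: Pair, history: list[float], max_dev: float = 0.10) -> float:
    """Return the average of earlier samples; refuse if spot strays from it."""
    ref = sum(history) / len(history)  # equal-spaced samples from prior blocks
    if abs(pair.spot_price() - ref) / ref > max_dev:
        raise ValueError("spot price deviates from reference; pausing borrows")
    return ref

def borrow_limit(collateral_boo: float, price: float, ltv: float = 0.5) -> float:
    """Maximum WFTM-denominated debt allowed against BOO collateral."""
    return collateral_boo * price * ltv

def demo() -> dict:
    pair = Pair(wftm=1_000_000.0, boo=1_000_000.0)  # constructed reserves
    history = [pair.spot_price()] * 5               # samples before the trade
    honest = borrow_limit(1_000.0, pair.spot_price())
    pair.buy_boo(9_000_000.0)                       # one large same-block trade
    naive = borrow_limit(1_000.0, pair.spot_price())  # priced from raw reserves
    try:
        guarded_price(pair, history)
        blocked = False
    except ValueError:
        blocked = True
    return {"honest": honest, "naive": naive, "blocked": blocked}

if __name__ == "__main__":
    print(demo())
```

With these constructed numbers the same 1,000 BOO of collateral supports 100 times more debt when priced from the raw reserves, while the guarded read raises instead of returning a price.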
While Polter Finance has not yet released a formal post-mortem report detailing the attack, the protocol has tracked the stolen funds to wallets on a major crypto exchange.
Following the exploit, the platform’s native token, POLTER, has witnessed a massive decline of over 85%. In addition, data reveals that the total value locked in the protocol has drastically dropped from $9.77 million on November 16 to a mere $61,603 at the time of reporting.
November has proven to be a tumultuous month for DeFi, marking the third significant exploit in recent weeks. Another protocol recently reported a loss exceeding $25 million from its liquidity pools due to vulnerabilities, although nearly all the funds were recovered after the attacker accepted a negotiated bounty.
Previously, another lending protocol suffered a loss of $4.8 million due to a similar exploit, and like Polter Finance, they attempted to engage the hacker for the return of the stolen assets.