Last updated:
Author
Ruholamin Haqshanas
Author
Ruholamin Haqshanas
Share
Why Trust Cryptonews
Polter Finance, a decentralized lending platform, has suffered an exploit on the Fantom chain, resulting in the theft of over $7 million in digital assets.
The platform confirmed the breach on November 18, detailing that the attacker initiated the exploit using funds originally sourced through Tornado Cash on Ethereum.
These funds were subsequently bridged to the Fantom network before the exploit was carried out.
Polter Finance Pauses Operations
In a post on X, Polter Finance said that the team paused the platform to prevent further damage after the exploit was identified and notified key bridge operators about the breach.
“We identified wallets involved and traced it to Binance. We are still investigating the nature of the exploit. We are in the process of contacting the Authorities,” the team wrote.
The team has also reached out on-chain to the exploiter, saying that they are willing to negotiate and not pursue legal action if the hacker returns the stolen funds.
Meanwhile, some experts attributed the incident to a vulnerability described as an ’empty market’ issue.
Empty market vulnerability refers to a weakness in DeFi platforms or smart contracts that attackers exploit when a market or trading pool has very low activity or liquidity.
When a market is “empty,” there aren’t enough traders or assets to create natural price movements or detect unusual behavior.
This makes it easier for attackers to manipulate prices, trick the platform, or exploit its calculations.
However, another researcher claimed that it was not an empty market issue rather it was a “faulty oracle price.”
Polter Finance is a decentralized non-custodial lending and borrowing platform where depositors can receive a portion of the interest charged on loans.
Crypto Hacks on the Rise
The recent incident comes amid a rising wave of phishing attacks plaguing the blockchain industry.
According to blockchain security firm CertiK, phishing-related losses in 2024 have exceeded $800 million, driven by increasingly sophisticated hacking techniques.
These include wallet-draining schemes and address poisoning, which exploit users’ trust and lack of technical vigilance.
CertiK reports that 247 phishing incidents have been recorded so far in 2024, with the first quarter seeing the highest number of attacks at 82 cases.
However, the second quarter saw massive financial losses, amounting to $433 million, followed by $343 million in the third quarter.
Even with fewer cases reported in the fourth quarter, the financial impact is set to rival earlier periods.
Hackers have been evolving their tactics, blending advanced tools like Angel Drainer and Pink Drainer with traditional methods.
Wallet-draining scams often exploit permissions granted by unsuspecting users, enabling hackers to access funds.
Notably, Angel Drainer’s acquisition of Inferno Drainer signals the rise of more potent phishing campaigns.
As reported, the Department of Homeland Security (DHS) has disrupted hundreds of crypto scam incidents, reclaiming billions in extorted cryptocurrency since 2021.
DHS investigators have intercepted 537 ransomware attacks before they could cause widespread damage.
