The decentralized lending platform has found itself in hot water after a major exploit on the Fantom blockchain led to the theft of over $7 million in crypto.
The platform confirmed the breach, revealing that the attacker used funds obtained through Tornado Cash on Ethereum before bridging them over to Fantom.
Red alert
After discovering the exploit, Polter Finance quickly paused its operations to prevent further losses and alerted key bridge operators about the situation.
“We identified wallets involved and traced them back to Binance. We are still investigating the nature of the exploit and are contacting the authorities.”
They even reached out to the hacker, offering to negotiate and promising not to pursue legal action if the stolen funds were returned.
What was the vulnerability?
Experts have weighed in on what caused this incident. Some believe it was due to an empty market vulnerability, which occurs when DeFi platforms or smart contracts are exploited because they have low activity or liquidity.
When a market is empty, it’s easier for attackers to manipulate prices or exploit calculations without anyone noticing.
Another researcher argued that this wasn’t just an empty market issue but rather a problem with a faulty oracle price.
Either way, it highlights some quite serious risks in the DeFi space. Unfortunately, phishing attacks are still rampant in the blockchain industry.
According to blockchain security firm CertiK, phishing losses have already surpassed $800 million in 2024 alone, thanks to increasingly sophisticated hacking techniques like wallet-draining schemes and address poisoning.
DeFi is the low hanging fruit for the attackers
So far this year, CertiK has recorded 247 phishing incidents, with the first quarter being particularly brutal at 82 cases.
The second quarter saw massive financial losses totaling $433 million, followed by $343 million in the third quarter.
Even though fewer cases were reported in the fourth quarter, the financial impact is still expected to be huge.
Hackers are getting craftier too, combining advanced tools like Angel Drainer and Pink Drainer with traditional methods to exploit unsuspecting users’ trust.
These wallet-draining scams often take advantage of permissions granted by users who don’t realize they’re giving away access to their funds.
