Polter Finance Faces Flash Loan Exploit
In a significant security breach, Polter Finance, a decentralized finance platform operating on the Fantom network, was targeted by a flash loan exploit. The attack resulted in a loss exceeding $7 million. The breach involved manipulating the price of the SpookySwap governance token, BOO, by borrowing nearly all available tokens from the liquidity pool. With the artificial price hike, the attacker managed to deposit a single BOO token and siphon off funds from all pools.
Mechanics of the Attack
Blockchain analyst Nick Franklin revealed that the attack was executed by exploiting the token price formula in decentralized exchanges. The attacker borrowed 269,042.22851562785 BOO tokens through a flash loan, leaving a negligible balance in the pool. This strategy led to a dramatic surge in BOO’s price. Subsequently, the attacker deposited a single token to withdraw $9.1 million worth of wrapped Fantom tokens, netting a profit of $7.8 million. The exploit was repeated for other cryptocurrencies, including:
- Magic Internet Money
- sFTMX
- Axelar USDC
- Bitcoin
- Ether
- USD Coin
Total estimates suggest a $12 million drain. The incident underscores the vulnerabilities associated with low liquidity tokens, as their prices can be easily manipulated. Polter Finance’s founder, known by the pseudonym Whichghost, has reported the incident to the authorities and is seeking to engage with the perpetrator.
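The price effect described above can be reproduced with a small model. This is an added example, not code from Polter Finance or the analyst: it assumes collateral is valued from a pool's live token balances, uses constructed pool reserves (only the borrowed amount comes from the article), and its function names are hypothetical. It shows the spot price surging while a time-weighted reference stays put, so a deviation check rejects the manipulated value.

```python
from fractions import Fraction

# Constructed pool state (not the real pool's figures); only BORROWED is from the article.
RESERVE_BOO = Fraction("269043")
RESERVE_WFTM = Fraction("300000")
BORROWED = Fraction("269042.22851562785")

def spot_price(reserve_boo, reserve_wftm):
    """Price of 1 BOO in wFTM read straight from pool balances."""
    return reserve_wftm / reserve_boo

def twap(observations):
    """Time-weighted average over (price, seconds_in_effect) pairs."""
    total = sum(secs for _, secs in observations)
    return sum(price * secs for price, secs in observations) / total

def guarded_price(spot, reference, max_deviation=Fraction(1, 10)):
    """Accept the spot price only if it is within max_deviation of the reference."""
    if abs(spot - reference) > reference * max_deviation:
        raise ValueError("spot price deviates from reference; collateral valuation refused")
    return spot

def scenario():
    normal = spot_price(RESERVE_BOO, RESERVE_WFTM)
    # Mid-transaction, the flash loan has removed almost all BOO from the pool.
    drained = spot_price(RESERVE_BOO - BORROWED, RESERVE_WFTM)
    # The drained state exists for 0 seconds of block time, so it adds nothing to the average.
    reference = twap([(normal, 1800), (drained, 0)])
    return normal, drained, reference

if __name__ == "__main__":
    normal, drained, reference = scenario()
    print(f"normal spot : {float(normal):.4f} wFTM per BOO")
    print(f"drained spot: {float(drained):,.0f} wFTM per BOO")
    print(f"30-min TWAP : {float(reference):.4f} wFTM per BOO")
    try:
        guarded_price(drained, reference)
    except ValueError as exc:
        print("rejected:", exc)
```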
CoinPoker Compromised by Hot Wallet Hack
CoinPoker, a crypto-based poker platform, fell victim to a security breach involving a private key hack. The attackers successfully transferred assets across various networks, including Ethereum, BNB Smart Chain, and Polygon. In an attempt to recover the stolen funds, CoinPoker initiated contact with the attacker through the Ethereum network, offering a potential bounty for the safe return of the assets.
Despite these efforts, the attacker managed to obscure the trail of the stolen funds by depositing them into Tornado Cash, a privacy-focused protocol. This move complicates tracking efforts and weakens CoinPoker’s negotiating leverage. However, the platform has maintained operational stability, with withdrawals continuing as normal.
Implications for Web3 Security
This incident highlights the risks Web3 users face when centralized gaming platforms are hacked. While CoinPoker has shown resilience in this attack, users should remain vigilant and consider security measures to protect their assets.
U.S. Man Sentenced for Crypto Scam-Induced Bank Collapse
A grave financial crime involving cryptocurrency led to the downfall of Heartland Tri-State Bank. Shan Hanes, a former CEO of the bank, has been sentenced to 24 years in prison for his involvement in a crypto scam that resulted in the bank’s collapse. Hanes was duped into investing in a fraudulent crypto scheme via WhatsApp and subsequently embezzled funds from multiple organizations, including the Elkhart Church of Christ and Santa Fe Investment Club.
Details of the Scam
Hanes not only invested his own money but also drained over $47 million from bank deposits into the scam, which ultimately turned out to be a sham. The fraudulent activity was discovered and reported by the bank’s chief financial officer, but by then, the losses had surpassed the bank’s capitalization, leading to bankruptcy. The Federal Deposit Insurance Corporation initially bailed out the bank before it was acquired by Dream First Bank of Syracuse.
Although authorities recovered $8 million from Hanes’ assets, the other $39 million remains unaccounted for. This case serves as a cautionary tale for investors to be wary of crypto investments that lack transparency and cannot be tracked via public blockchain explorers.
In summary, these incidents reflect the ongoing security challenges within the cryptocurrency and DeFi sectors, emphasizing the need for robust security measures and caution in high-risk investments.
