The Fantom-based decentralized finance platform Polter Finance suffered a flash loan attack resulting in a loss of over $7 million. Simultaneously, the Crypto Poker platform experienced a hot wallet hack, and a U.S. citizen was sentenced to 24 years for involvement in a crypto scam.
Classic Flash Loan Attack on Polter Finance
On November 18, Fantom-based Polter Finance was exploited in a classic flash loan attack, losing over $7 million according to blockchain analyst Nick Franklin. The attacker artificially raised the price of the SpookySwap governance token, BOO, by borrowing almost all BOO tokens from the liquidity pool. After increasing the price, the attacker deposited 1 BOO and drained all pools. BlockSec Phalcon analytics confirmed there were initially only 269,042.22851562786 tokens in the pool. The attacker borrowed 269,042.22851562785 BOO tokens ($1.3 million by price then) using a flash loan, leaving just 0.000000000001 tokens. He then deposited one BOO token and borrowed $9.1 million worth of wrapped Fantom (FTM) tokens, gaining $7.8 million. The attack was replicated to gain other tokens like Magic Internet Money (MIM), sFTMX, Axelar USDC (axlUSDC), Bitcoin (BTC), Ether (ETH), and USD Coin (USDC). Total damage may have been $12 million. Polter Finance's founder, known as Whichghost, filed a police report and seeks to negotiate with the perpetrator.
CoinPoker Hot Wallet Hack
In another incident, the Crypto Poker platform suffered a hot wallet hack. According to a report from blockchain analytics platform Cyvers, transfers were made across various networks including BNB Smart Chain, Ethereum, and Polygon by the attackers. In response, on November 16, the platform attempted negotiations with the hacker by posting a message on the Ethereum network. However, most of the funds were deposited by the hacker into Tornado Cash, complicating tracking.
U.S. Man Imprisoned for Crypto Scam
A resident of Elkhart, Kansas, USA, was sentenced to 24 years for involvement in a crypto scam, bankrupting Heartland Tri-State Bank. Shan Hanes, 53, fell for a crypto pyramid scheme via WhatsApp. He used both personal and other organizations' funds, draining Heartland Tri-State Bank of over $47 million in deposits, leading to its bankruptcy. The bank was bailed out by the US Federal Deposit Insurance Corporation then taken over by Dream First Bank from Syracuse.
The events at Polter Finance and CoinPoker highlight ongoing security challenges and high risks in the world of cryptocurrency and decentralized finance. Platforms and users need to be vigilant about potential threats and consider the risks associated with low liquidity tokens.
