In a significant security breach, Polter Finance, a decentralized non-custodial lending and borrowing platform, fell victim to a sophisticated hack resulting in the loss of approximately $8.7 million in cryptocurrency.
The platform immediately responded to the incident on November 17 by pausing all operations and engaging law enforcement authorities.
The quick response included a public notification to investors via X (formerly Twitter), demonstrating the platform’s commitment to transparency during the crisis.
The protocol’s investigation team successfully traced the stolen funds to wallets associated with the Binance cryptocurrency exchange, providing a potential lead for recovery efforts.
Technical Analysis and Hacker’s Activities
According to Web3 security firm TenArmor’s analysis, the actual loss may be higher than initially reported, potentially reaching $8.7 million.
The attack reportedly exploited a vulnerability related to oracle price mechanisms, specifically targeting the platform’s newly launched SpookySwap (BOO) market through a flash loan attack.
In a recent development monitored by Paidun, the attacker’s address has been observed transferring 120 ETH to Tornado Cash, a cryptocurrency mixing service, potentially attempting to obscure the trail of stolen funds.
While Polter Finance has yet to officially confirm the precise nature of the attack, they have taken the unusual step of reaching out to the hacker through an onchain message, offering to negotiate and suggesting possible impunity.
Also Read: Thala Protocol Suffers Major Hack, THL Price Crashed Over 50%
Regulatory Response and Congressional Action
The incident has drawn attention from U.S. lawmakers, particularly regarding the use of cryptocurrency mixing services like Tornado Cash.
A group of prominent Democratic Representatives, including Sean Casten, Stephen Lynch, Brad Sherman, and Bill Foster, have taken action by sending a formal letter to the Treasury Department.
The letter urges investigation into illegal financial activities conducted through crypto mixing services, with a particular focus on Tornado Cash.
This legislative attention demonstrates the growing concern among policymakers about the role of mixing services in facilitating cryptocurrency-related crimes.
Ongoing Debate and Industry Impact
The situation has reignited the debate surrounding the U.S. Treasury’s August 2022 decision to designate Tornado Cash as a sanctioned entity, which prohibits U.S. persons and companies from engaging in financial interactions with the service.
This designation has been controversial within the cryptocurrency industry, with many prominent figures arguing that Tornado Cash, being software rather than a person or entity, should not fall under the Treasury Department’s sanctioning authority.
The Polterfinance incident and the hacker’s subsequent use of Tornado Cash have added new fuel to this ongoing debate, highlighting the complex intersection of cryptocurrency security, privacy tools, and regulatory oversight.
The incident serves as a crucial case study in the challenges facing decentralized finance platforms and the broader implications for cryptocurrency regulation.
Also Read: CertiK Reveals DEXX Hack Due To Private Key Mismanagement On Solana