Huma Finance Hack: $101K Comot for Polygon V1 Legacy Pools

Di Huma Finance hack com drain about $101,400 from old Polygon V1 BaseCreditPool smart contracts. Blockaid trace di breach to faulty account validation for refreshAccount(), wey attacker manipulate account status to “GoodStanding” and den enable unauthorized drawdown() through coordinated transactions. Main losses include about ~82,315 USDC from one affected pool and extra USDC.e balances from two other contracts. Huma talk say im involve legacy paths like requestCredit() and refreshAccount() weh fit still dey reachable if dem no fully retire the legacy contracts. Important be say Huma Finance insist say users’ funds no risk because their newer Solana-based V2 infrastructure dey isolated and e no dey share code with the compromised Polygon V1 deployments. Still, the incident show wider DeFi risk from technical debt: dormant functions, leftover approvals, residual balances, and hidden attack surfaces. (Related same-day Polygon incident: Ink Finance lose near $140,000 from im Workspace Treasury Proxy contract.) For traders, the Huma Finance hack na short-term warning sign for Polygon DeFi exposure, especially protocols wey rely on legacy contract patterns.