INK Finance, a DeFi protocol on Polygon, experienced a $140,000 loss due to an authorization breach. Attackers exploited weaknesses in the platform's treasury verification logic, using a spoofed claimer contract to impersonate an approved entity and trigger unauthorized transfers. The exploit was facilitated by a $25,000 Balancer V2 flash loan, highlighting the efficiency of interconnected liquidity systems in DeFi attacks. This incident underscores a growing trend where attackers target treasury authorization layers rather than liquidity pools, exploiting operational trust assumptions. Similar breaches have been rising across DAO-managed treasuries, exposing vulnerabilities in authorization systems. Despite the relatively small financial impact, such exploits erode user confidence and highlight the need for improved operational security in DeFi infrastructure.