Huma Finance has reported a $101,000 exploit involving its deprecated V1 BaseCreditPool contracts on the Polygon network. The breach, which occurred on May 11, allowed an attacker to siphon 82,316 USDC and 19,075 USDC.e due to a logic error in the credit-lifecycle management of these outdated contracts. Importantly, no user deposits were compromised, and the incident was limited to pool owner and protocol fees.
The exploit was attributed to a preventable access-control flaw, highlighting the risks associated with leaving old smart contracts active. Huma Finance's newer V2 deployment on Solana and its PayFi Strategy Token (PST) remain unaffected and fully operational. The company quickly communicated the breach, emphasizing the safety of user assets and the integrity of its current systems. This incident underscores the need for rigorous audits of deprecated contracts within the DeFi ecosystem to prevent similar vulnerabilities.
Huma Finance Suffers $101K Exploit on Deprecated Polygon Contracts
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.