
Huma Finance’s latest exploit highlighted how outdated DeFi infrastructure can remain vulnerable even after protocols migrate to newer architectures. The attacker drained roughly $101,400 from deprecated Polygon V1 BaseCreditPool contracts by exploiting flawed account validation logic inside refreshAccount().
The weakness enabled unauthorized withdrawals after account statuses incorrectly shifted into “GoodStanding” during tightly coordinated transactions. More than 82,315 USDC left one affected pool, while smaller USDC.e balances were drained from two additional contracts.
According to the post-mortem, the attacker targeted dormant contract functions tied to outdated credit-state logic. The exploit succeeded because older pathways such as requestCredit() and refreshAccount() remained accessible despite limited operational use.
These functions interacted with complex fee calculations and borrower state transitions, creating fragile dependency chains that became harder to audit over time. Once manipulated, the attacker chained withdrawals across treasury-linked pools within a coordinated transaction flow.
Even with the breach, active user funds were described as protected because Huma’s newer Solana-based V2 infrastructure operated separately from the compromised legacy deployments.
The incident reinforced wider concerns that dormant smart contracts can retain residual approvals, treasury balances, and hidden attack surfaces. As DeFi protocols evolve, incomplete infrastructure sunsets can undermine market confidence and operational security.
Huma’s co-founder Richard Liu characterized the incident as “a hard lesson” aimed at strengthening collective ecosystem defense, emphasizing the need for legacy contract removal and simplified infrastructure design.
The post-mortem also pointed to the maintenance burden created when development resources concentrate on newer systems while older modules receive less operational scrutiny. As Huma focused on its Solana V2 rewrite, older Polygon V1 components gradually received reduced attention despite remaining publicly accessible.
In contrast, Huma’s newer Solana ecosystem reportedly supported more than $13 billion in cumulative volume while maintaining roughly $179 million in active liquidity. The comparison was used to illustrate how technical debt can expand when protocols prioritize growth over disciplined infrastructure retirement.