VERDICT —UNRATED
Verdict pending. Auto-ingested incidents are reviewed before a public verdict is rendered.
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
Ink Finance’s Workspace Treasury Proxy contract on Polygon was exploited due to a whitelist validation logic flaw. The attacker deployed a malicious contract matching a whitelisted claimer address, passed authentication checks via the claim() function, and drained approximately $140,000 USDT (amplified with a ~$25K Balancer V2 flash loan). Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 140,000.
Primary source
https://www.cryptotimes.io/2026/05/11/ink-finance-exploited-on-polygon-140k-usdt-drained-in-flash-loan-attack/ ↗Sourced from
slowmist
Technical record
- chain
- polygon
- protocol
- Ink Finance
- bug_class
- flashloan
- date_occurred
- 2026-05-11
- loss_usd
- $140,000
- source_id
- sm:ink-finance::2026-05-11
Related — same bug class· flashloan