Currencies38131
Market Cap$ 2.28T+1.42%
24h Spot Volume$ 33.07B-0.12%
DominanceBTC56.40%+0.11%ETH9.50%+1.45%
ETH Gas0.09 Gwei
Cryptorank
/

Legacy Polygon Royalties Contract Exploit Drains $261K Through Reward Logic Flaw


Legacy Polygon Royalties Contract Exploit Drains $261K Through Reward Logic Flaw

Share:

AI Overview

On June 23–24, 2026 a legacy royalties smart contract on Polygon was exploited via a logic error in Royal1155LD.beforeLdaTransfer that allowed an attacker to use 100 zero-value transfers and a flash loan to inflate reward accounting and withdraw roughly $261K in USDC (transaction in block 89,018,051). Security firms TenArmor, CertiK and DecurityHQ warn this class of DeFi smart contract vulnerabilities in dormant or legacy deployments poses systemic security risk and recommend audits, updates or deactivation to prevent similar exploits.

Bearish

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

  • A hacker took advantage of a legacy contract for Polygon royalties and drained $261,200 as a result of the vulnerability in the reward calculation.
  • The security experts attributed the problem to flawed reward calculations leading to inflated ownership balances and exaggerated rewards.

A hacker used a legacy royalties contract on the Polygon platform and made away with about $261,200 worth of cryptocurrency in recent times. The security firm TenArmorAlert identified the unusual transaction on June 23 and tracked down the exploit transaction.

The blockchain shows that the hacker carried out the attack using the Polygon block 89,018,051 transaction. According to TenArmorAlert, the hacker managed to withdraw roughly $263,800 despite the relatively low initial amount of money. The attack was on the legacy royalties program and not the fundamental structure of the Polygon blockchain.

Miscalculation in Reward Calculation Allowed for Overdraws

According to TenArmorAlert, the attack was possible due to issues in the reward calculation mechanism and reward accounting. Security company CertiK found out about an issue with the Royal1155LD.beforeLdaTransfer() function in the exploited contract.

Researchers state that the attacker made several zero-value transactions, manipulating reward calculation and ownership numbers. This vulnerability allowed the attacker to make the token balance higher under certain conditions.

The Defimon Alerts also provided other research by DecurityHQ. In this case, experts concluded that royalty miscalculations led to the exploit. This way, false ownership numbers were allowing for excessive reward claiming. In addition, the attacker used a flash loan to exploit this contract. After repaying the borrowed amount, the attacker got the rest of the money as a profit.

Still Vulnerable to Security Threats

The latest attack has come in light of other similar attacks on older versions of decentralized finance projects as well as dormant smart contract deployments. Attackers have recently carried out an exploitation of some old contracts of Huma Finance and have stolen roughly $101,400.

Researchers have been cautioning developers regarding the possible dangers of having old versions of smart contracts with available finances. The team should audit, update, deactivate, or completely remove the old deployment in order to mitigate the danger of any potential attacks. Polygon developers have confirmed that attackers have not been able to threaten the security of the main blockchain network.

Highlighted Crypto News:

SecondFi Exploit Exposes Wallet Keys, Putting More Than $20M in Cardano Assets at Risk 

Read the article at TheNewsCrypto

In This News

Coins

$ 0.167

+0.24%

$ 0.99978

0%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Coins

$ 0.167

+0.24%

$ 0.99978

0%

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

Bitwise Reports Third Consecutive Crypto Market Decline as Tokenized Assets Reach Record Highs

Bitwise Reports Third Consecutive Crypto Market Decline as Tokenized Assets Reach Record Highs

In its report on Q2 2026, Bitwise noted that it was another tough quarter for digital...
SWIFT’s Blockchain Ledger Goes Live, but Old Bottlenecks Persist

SWIFT’s Blockchain Ledger Goes Live, but Old Bottlenecks Persist

In Brief SWIFT's blockchain ledger goes live as 17 banks prepare pilot transactions....