Polygon hacks in 2023

$54.7M drained from KyberSwap Elastic after a rounding error in concentrated-liquidity math let an attacker trick pools into recognising double the liquidity.

Lazarus drained $54M from CoinEx hot wallets across Ethereum, Tron, BSC and seven other chains, reusing infrastructure from the prior week's Stake.com hit.

Stake.com lost $41M from hot wallets on Ethereum, BSC and Polygon in 90 minutes; the FBI formally attributed the heist to Lazarus and listed 40 addresses.

A missing access check in Sushi's RouteProcessor2 router let bots drain $3.3M in WETH from users with token approvals before a white-hat rescue.

Reporting an absurd WALBT price to BonqDAO's Tellor oracle (cost: 10 TRB, under $1K) minted $120M and collapsed protocol TVL by 99.66% in a single transaction.

Midas Capital on Polygon lost $660K to a Curve read-only reentrancy that mispriced jBRL/BRZ LP collateral, letting the attacker borrow against inflated value.