In Brief:
- Polygon revealed that a recent update to its mainnet was released to fix a bug.
- The ‘critical vulnerability’ could have led to the theft of over $24 billion worth of its native MATIC tokens.
- To address the defect, Polygon issued an emergency upgrade for its mainnet and executed a hard fork on December 5.
On 29th December, Polygon revealed that a recent update to its mainnet had been issued to fix a bug that could have led to the theft of over $24 billion worth of its native MATIC tokens.
Polygon also stated that it is paying out a substantial bounty of $2.2m in stablecoins to Leon Spacewalker and 500,000 MATIC to Whitehat2 for helping it fix the vulnerability, which was first discovered on December 3.
Polygon’s ‘Critical Vulnerability’ Saga
As per its official statement, a whitehat hacker named Leon Spacewalker reported a serious vulnerability in Polygon on December 3.
The defect was a missing balance or allowance check in the ‘transfer’ function of Polygon’s MRC20 contract. This would have permitted an attacker to take all 9.2 billion MATIC tokens (as of December 5, the date of the fix) held by that contract.
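To make the failure mode concrete, the following is a constructed, simplified model of a token contract that custodies a pool of native tokens and pays out on transfer; it is an added illustration, not Polygon’s MRC20 code. Account names, balances and the 800K transfer amount are assumptions, and only the 9.2 billion pool figure is taken from the article. The same class runs with the check disabled (the bug) and enabled (the fix).

```python
POOL = 9_200_000_000  # tokens custodied by the contract (figure from the article)


class InsufficientFunds(Exception):
    """Raised by the hardened contract when a balance or allowance check fails."""


class CustodyToken:
    """Constructed model: a ledger of who is owed what, backed by a native-token pool."""

    def __init__(self, balances, check_funds):
        self.balances = dict(balances)   # what each account is owed (assumed sample data)
        self.allowances = {}             # (owner, spender) -> approved amount
        self.pool = POOL                 # native tokens actually held by the contract
        self.check_funds = check_funds   # False reproduces the missing check

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def transfer(self, sender, to, amount):
        if self.check_funds and self.balances.get(sender, 0) < amount:
            raise InsufficientFunds(f"{sender} holds less than {amount}")
        self._pay_out(sender, to, amount)

    def transfer_from(self, spender, owner, to, amount):
        if self.check_funds:
            if self.allowances.get((owner, spender), 0) < amount:
                raise InsufficientFunds(f"{spender} is not approved for {amount}")
            if self.balances.get(owner, 0) < amount:
                raise InsufficientFunds(f"{owner} holds less than {amount}")
        self.allowances[(owner, spender)] = self.allowances.get((owner, spender), 0) - amount
        self._pay_out(owner, to, amount)

    def _pay_out(self, debit, to, amount):
        # The contract pays `to` out of its pool and debits the ledger. Without a
        # prior check the debit goes negative: the pool is paying other users' funds.
        self.balances[debit] = self.balances.get(debit, 0) - amount
        self.pool -= amount

    def ledger_consistent(self):
        """Invariant the check protects: nobody owed less than zero, pool covers the ledger."""
        return min(self.balances.values()) >= 0 and self.pool >= sum(self.balances.values())


def run(check_funds, amount=800_000):
    """One over-balance transfer by a tiny holder; returns (succeeded, pool_after, consistent)."""
    token = CustodyToken({"treasury": POOL - 1, "small_holder": 1}, check_funds)
    try:
        token.transfer("small_holder", "external_wallet", amount)
        succeeded = True
    except InsufficientFunds:
        succeeded = False
    return succeeded, token.pool, token.ledger_consistent()
```

With the check disabled the pool pays out 800K tokens against a balance of 1 and the ledger invariant breaks; with it enabled the call is rejected and the pool is untouched.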
However, after the report by Leon Spacewalker, Polygon immediately set out to fix the bug.
Immunefi, the bug bounty platform for blockchain projects, also confirmed the defect and helped Polygon investigate on-chain activity, validate the fix, and advised a remedial hard fork.
To deploy the fix, the Mumbai testnet update was completed on December 4, and the Polygon team began preparing the mainnet upgrade.
However, before the mainnet upgrade was put in place, a hacker exploited the bug and stole 800K MATIC tokens.
After this theft, another whitehat hacker discovered the vulnerability and submitted a report to Immunefi. Following this, Polygon issued an emergency upgrade for its mainnet and executed a hard fork on December 5.
The unannounced hard fork caused considerable speculation among netizens, and the details of the incident were not released until 29th December.
On December 15, Mihailo Bjelic also tweeted an explanation of the incident and acknowledged that Polygon was working to improve security practices across all its projects.
Interestingly, in October too, Polygon had faced a ‘critical vulnerability’, discovered by whitehat hacker Gerhard Wagner, which was fixed within 30 minutes, averting an $850M hack.