The white hat hackers who discovered the bug received $3.46 million for the information.
The Polygon blockchain project team carried out an unscheduled upgrade of their network on December 5 to prevent the theft of MATIC tokens worth $24 billion, TheBlock reported, citing a press release. The project has now disclosed the details of the hard fork.
- On December 3, a participant in the Immunefi bounty program informed the platform about a critical vulnerability in the Polygon network. The problem was in the genesis contract: it had no mechanism to check the balance, the developers say. Had attackers exploited the flaw, the project could have lost ~9.3 billion MATIC tokens, which is 93% of the total supply of this cryptocurrency. As of December 5, the potential damage was $24 billion, according to TheBlock.
- To fix the bug, the Polygon team performed an unscheduled upgrade of their Mumbai test network on the same day. A few hours later, on December 4, an unknown attacker took advantage of the bug and withdrew 801.6K MATIC tokens (~$2 million) from the main network. On the morning of December 5, the developers hard forked the project's main network, but they did not explain why until yesterday.
- White hat hacker @leonspacewalker was the first to report the vulnerability to Immunefi. A second, unnamed researcher then reported it as well. Polygon paid the two white hat hackers a total bounty of $3.46 million. Spacewalker received $2.2 million worth of stablecoins, and the anonymous hacker received 500,000 MATIC tokens (~$1.25 million).
- The cost of replacing the 801.6 thousand stolen tokens is borne by the Immunefi Foundation, the project said.
- In the middle of the month, Polygon co-founder Mihailo Bjelic commented on the hard fork. In a Twitter post responding to user questions, the project head said a vulnerability had been found. Notably, he reported no losses.
- Bjelic noted that Polygon is investing in security and improving security practices across all projects.
- The price of the MATIC token fell 0.71% on the news.
As a reminder, in October another white hat hacker helped find a bug in the Polygon network. Immunefi awarded Gerhard Wagner $2 million.