Polygon has quietly patched a vulnerability that put nearly $24 billion worth of its native token MATIC at risk.
Bug found by whitehat hackers
According to a December 29 blog post from Polygon, the “critical” vulnerability in the network’s Proof-of-Stake (PoS) Genesis contract was first highlighted by two whitehat hackers via the blockchain security and bug bounty platform Immunefi. These hackers were given permission to detect a data breach.
All you need to know about the recent Polygon network update.
✅A security partner discovered a vulnerability
✅Fix was immediately introduced
✅Validators upgraded the network
✅No material harm to the protocol/end-users
White hats were paid a bounty https://t.co/oyDkvohg33
— Polygon | $MATIC 💜 (@0xPolygon) Dec 29, 2021
The vulnerability put more than 9.27 billion MATIC at risk, currently valued at approximately $23.6 billion (€20.8 billion). This figure represents the vast majority of the total supply of 10 billion tokens.
Polygon noted that the bug was resolved in block #22156660 on December 5 at 07:27 UTC via an “Emergency Bor upgrade” to the mainnet. The network noted that a “malicious hacker” managed to steal 801,601 MATIC ($2.04/€1.80 million) before the bug was fixed. The blog post said the following:
“The Polygon core team contacted the group and the expert team at Immunefi and immediately introduced a solution. The validator and entire node communities have been notified. In this way, 80% of the network is upgraded within 24 hours.”
Polygon stated that the issue was resolved behind closed doors because it follows the “silent patches” policy introduced by the Go Ethereum (Geth) team in November 2020. According to the guidelines, projects or developers report major bug fixes 4-8 weeks after they go live. This way they can prevent the bug from being abused at the time of patching.
According to Immunefi, whitehat hacker “Leon Spacewalker” was the first to report the vulnerability, on December 3. He will be rewarded with $2.2 (€1.9) million in stablecoins for his efforts. The second, unnamed hacker, referred to as “Whitehat2”, will receive 500,000 MATIC ($1.27/€1.12 million) from Polygon.
Polygon’s co-founder Jaynti Kanani highlighted the network’s ability to quickly fix the critical bug. He said the following:
“This was a test of our network’s resilience and our ability to act decisively under pressure. Given how much was at stake, I think our team made the best decisions possible.”
According to data from CoinGecko, MATIC costs $2.56 (€2.26) and the price has risen by more than 40% in the past 30 days, despite the current declines in major crypto assets this month.