Polygon Fixed a Bug That Could Have Caused the Loss of $24 Billion in MATIC
Polygon, the Ethereum-based layer-2 scaling network, has patched a vulnerability that put nearly $24 billion of its own MATIC token at risk.
According to a December 29 Polygon blog post, the critical vulnerability in the network's Proof-of-Stake (PoS) genesis contract was first reported by two whitehat hackers on December 3 and 4 through Immunefi, a blockchain security platform that pays rewards for reporting bugs.
More than 9.27 billion of the 10 billion MATIC could have been lost because of the vulnerability, equivalent to approximately $23.6 billion at the time of writing.
Polygon said the critical bug was resolved at block #22156660 through a “Bor crash update” on the main network on December 5 at approximately 7:27 am UTC.
Polygon also noted that before the bug was fixed, a “malicious hacker” managed to steal 801,601 MATIC ($2.04 million):
“The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stopping.”
Polygon said the issue was fixed silently, in line with company policy. Under those guidelines, projects or developers report major bug fixes 4-8 weeks after they appear, to avoid the risk of the vulnerabilities being exploited during the patching process.
According to Immunefi, the hacker “Leon Spacewalker” first reported the security hole on December 3 and will be rewarded with $2.2 million worth of stablecoins for his efforts, while the second, unnamed hacker will receive 500,000 MATIC ($1.27 million) from Polygon.