Blockchain

Polygon Has Fixed a Critical Bug Which Put $24 Billion $MATIC in Danger

What Happened?

On December 3, Whitehat Leon Spacewalker revealed a significant vulnerability in Polygon. An attacker might have stolen all 9,276,584,332 $MATIC from Polygon’s MRC20 contract due to a lack of balance/allowance check in the transfer function. Polygon acted quickly to resolve the problem after receiving the notification from Leon Spacewalker. Immunefi (a Web3 bug bounty platform) is supported the investigation of blockchain activity, the validation of the repair, and the hardfork operation advice.

While Polygon was working on the remedy, a second hacker sent a report on December 4 mentioning the same vulnerability. Polygon decided to make an exception and awarded him 500,000 $MATIC.

Polygon is rewarding Leon Spacewalker with $2.2 million in stablecoins. In acknowledgement of the seriousness of the vulnerability, the $2.2 million exceeds the maximum amount of Polygon’s critical bounty.

Looking ahead to the future of DeFi, this won’t be the last time a severe bug is discovered. More projects will have crucial vulnerabilities buried in their code as more money pours into DeFi at historic levels. It’s unavoidable, and the only difference is whether future projects implement extensive security measures and do everything possible to safeguard their code. An essential strategy to ensure live code is to provide a massive bug reward.

Timeline

  • Dec. 3, 10:11 (UTC): The first white hat hacker submits a report of a possible exploit to Immunefi, which hosts Polygon’s $2 million bounty program.
  • Dec. 3, 16:18 (UTC): Polygon confirms the vulnerability. Within one hour, various options are considered. The decision is made to upgrade the mainnet as soon as possible.
  • Dec. 3, 20:18 (UTC): The Polygon team provides release Bor v0.2.12-beta1 to validators on Mumbai testnet at Block #22244000
  • Dec. 4, 04:26 (UTC): Mumbai update is complete. The Polygon team, white hat and Immunefi validate the fix and prepare for the update of the mainnet.
  • Dec. 4, 13:46 (UTC): The vulnerability is used to steal MATIC tokens, the first in a series of transfers that removes 801,601 $MATIC in total.
  • Dec. 4, 18:53 (UTC): The second white hat submits a report to Immunefi.
  • Dec. 4, 21:08 (UTC): The Polygon team informs Validators of an “Emergency Bor Upgrade for Mainnet.”
  • Dec. 5, 07:27 (UTC): Mainnet update is complete for +90% validators at Block #22156660.

For more information, you can read Polygon’s Blogspot here.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Hazel

CoinCu News

Victor

Recent Posts

Bitcoin Spot ETF Inflows Hit $1 Billion Led By BlackRock

Bitcoin Spot ETF inflows hit $1.005B on Nov 21, led by BlackRock’s $608M and Fidelity’s…

9 minutes ago

Best Altcoins to Buy Today: Qubetics Rides 1000x Potential to Hit $2.6M, Ethereum Stays Rangebound, Tron USDT Transactions Hit $52B

Discover the best cryptos to buy and hold today: Qubetics leads with 1000x potential, Ethereum…

2 hours ago

Trump Media Company Is Pushing New Venture For Crypto Service

With the platform facing a cracked whip, Trump Media company is expanding into new business…

3 hours ago

Crypto Advisory Council Now A White House Position Attracting Leaders

Major crypto firms, including Ripple, Kraken, and Circle, are competing for spots on President-elect Donald…

4 hours ago

Analyst Sounds Major Breakout Alert Amid Shiba Inu, WallitIQ, And Dogecoin Price Recoveries

Analysts highlight a breakout alert as Shiba Inu (SHIB), and Dogecoin show signs of recovery…

4 hours ago

SEC Chair Gary Gensler Will Lose Power From January 20

SEC Chair Gary Gensler will step down on January 20, 2025, coinciding with President-elect Donald…

4 hours ago

This website uses cookies.