The cryptocurrency sector is no stranger to attacks in which threat actors exploit vulnerabilities to compromise protocols. The latest protocol to detect a vulnerability on its network is Polygon.
Polygon is a layer-two scaling solution built on the Ethereum blockchain. The network has announced that it fixed a vulnerability that had put $24 billion worth of MATIC tokens at risk.
Vulnerability on Polygon’s PoS Genesis contract
In a blog post published on Wednesday, Polygon stated that a critical vulnerability was detected on the Genesis contract. The vulnerability was initially detected by two white hat hackers earlier this month. The two white hats detected it using blockchain security and Immunefi, a bug bounty hosting platform.
The vulnerability exposed over 9.27 billion MATIC tokens, valued at around $23.6 billion at current prices. The number of MATIC tokens put at risk by this vulnerability is significant, given that the entire supply of MATIC tokens is $10 billion.
The report from MATIC assured users that the bug had been fixed at block 22,156,660 using an “Emergency Bor Upgrade” on the mainnet. The fix was completed on December 5. However, a threat actor had already stolen 801,601 MATIC tokens valued at $2.04 million.
“The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stoppage,” the blog post read.
Issue solved quietly
Polygon also noted that the issue had been resolved quietly under the “silent patches” policy introduced in November 2020 by the Go Ethereum team. Immunefi also noted that the first white hat hacker to report the bug, Leon Spacewalker, will receive $2.2 million worth of stablecoins as a reward. The second white hat hacker will receive 500,000 MATIC tokens valued at around $1.27 million.
The co-founder of Polygon, Jaynti Kanani, noted that the network had successfully averted a major attack that could have been carried out using this vulnerability. In the blog post, he highlighted the network’s resilience and its ability to act under pressure.
“What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstance,” Kanani noted.