Polygon, the PoS sidechain on Ethereum, opened up about a recent update after discovering a vulnerability that put almost all MATIC tokens at risk.
Bugs and vulnerabilities are part of any blockchain network. Polygon revealed how it dodged a bullet: it detected a vulnerability, introduced a fix, updated the network, and paid a bounty to whitehat hackers, all with a silent patch.
According to the latest post on the team blog, it all started when two whitehat hackers informed the bug bounty platform, Immunefi, about an issue with Polygon’s PoS generation contract on December 3rd.
The vulnerability in question could have allowed malicious entities to siphon over 9.2 billion MATIC tokens (worth approximately $24 billion) from the total MATIC supply of 10 billion.
Polygon’s core team then joined forces with the whitehat hackers and Immunefi to introduce a fix, updating 80% of the network in 24 hours of non-stop work.
Although the bug was fixed in block 22,156,660 on December 5th without any impact on the network, an attacker managed to steal 801,601 MATIC just before the update was performed. The foundation said it will bear the cost of the theft.
Furthermore, Polygon paid a generous sum of around $3.46 million as a reward for the two whitehats.
The foundation also revealed that the bug was fixed without notifying the community as it follows a policy of “silent patches”. Interestingly, this policy was established by the Go Ethereum team, known as Geth, last year.
Speaking about how Polygon was able to prevent large-scale damage, Immunefi CTO Duncan Townsend said:
“The Polygon team’s response to this disclosure was quick and effective. The fact that this incident had a happy ending is testament to their experience. Close coordination with Polygon validators helped avert what could have been a major disaster.”
A worrying trend
The year has seen major changes for the blockchain and cryptocurrency industry. It has also attracted its fair share of attackers along the way, who caused significant financial damage. The old risks still hold true: where there is money, malicious entities will try to steal it.
According to recent statistics, attackers managed to get away with over $4 billion worth of cryptocurrencies this year, nearly 3 times the 2020 figure. DeFi protocols alone accounted for $1.4 billion of total lost crypto funds.