Connect with us

Plato Vertical Search

Blockchain

‘Critical’ Polygon bug put $24 billion in tokens at risk until recent hard fork

Polygon was at risk of losing nearly all of its MATIC tokens until it upgraded its network earlier this month.

The post ‘Critical’ Polygon bug put $24 billion in tokens at risk until recent hard fork appeared first on The Block.

Ethereum scaling project Polygon was at risk of losing nearly all of its MATIC tokens until it upgraded its network earlier this month.

The problem was a “critical” vulnerability in Polygon’s proof-of-stake genesis contract, which could have allowed attackers to steal over 9.2 billion MATIC tokens (currently worth over $24 billion). The total supply of MATIC tokens is 10 billion.

The vulnerability was reported on the bug bounty platform Immunefi by a whitehat hacker known as Leon Spacewalker. According to details shared Wednesday, the bug essentially could have allowed attackers to arbitrarily mint all of Polygon’s more than 9.2 billion MATIC tokens from its MRC20 contract.

After Spacewalker found the bug, Immunefi informed the Polygon team the same day. The team then confirmed the vulnerability and moved to update the Polygon network, initially with an update for its Mumbai testnet.

According to Polygon, the testnet update was completed on December 4, and the team was preparing for the mainnet upgrade. Yet before the mainnet upgrade was undertaken, a malicious actor exploited the bug and stole 801,601 MATIC tokens (currently worth over $2 million). Polygon has said it will bear the cost of the theft.

After the MATIC tokens were stolen, a second whitehat hacker (who remains anonymous) discovered the vulnerability and submitted a report to Immunefi. Polygon then released an emergency upgrade for its mainnet, with the hard fork taking place on December 5. 

Though details of the incident wouldn’t be released until December 29, chatter on social media in mid-December emerged about Polygon’s silent, zero-warning hard fork.

At the time, Polygon co-founder Mihailo Bjelic said that there was a vulnerability and that the team would release additional details. “We are now investing much more in security and we’re making an effort to improve security practices across all Polygon projects,” he wrote at the time. 

As for why the project waited until now to disclose the bug, Polygon said it follows a “silent patches” policy introduced and used by Geth (an Ethereum software client) team, explaining:

Advertisement. Scroll to continue reading.
‘Critical’ Polygon bug put $24 billion in tokens at risk until recent hard fork Blockchain, Featured, Home CoinGenius Hosts Virtual Crypto Event The Road To Mass Adoption

“All in all, the core development team struck the best possible balance between openness and doing what is best for the community, partners and the broader ecosystem in handling this extremely urgent and sensitive issue. But you can be the judge of that.”

The Polygon team awarded bug bounties worth roughly $3.46 million, with Spacewalker receiving $2.2 million worth of stablecoins, and the anonymous whitehat hacker receiving 500,000 MATIC tokens (currently worth over $1.27 million).

The market for MATIC doesn’t appear to have been affected by the bug news, with the token trading at around $2.59 as of press time.

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://www.theblockcrypto.com/post/128784/polygon-critical-bug-24-billion-matic-tokens-at-risk-hard-fork?utm_source=rss&utm_medium=rss

Advertisement

Latest Blockchain Streams

Blockchain

SkyBridge Capital founder Anthony Scaramucci says that Algorand (ALGO) will challenge leading competitors in the crypto industry just as Google did in the early...

Blockchain

The post Big Gains Ahead For BTC, ETH, CRO and VET Price ! Here are the Next Levels To Watch appeared first on Coinpedia...

Blockchain

The post Cardano Price To Rally Beyound $1.6 , More Than 50% Rally On Horizon appeared first on Coinpedia - Fintech & Cryptocurreny News...

Blockchain

The post AAVE Price Poised For 5x Rally in 2022! What Traders Can Expect in Coming Days ? appeared first on Coinpedia - Fintech...