Polygon (MATIC), a protocol for creating Ethereum-compatible blockchain networks, has outlined in a blog post the logic behind its December 5 hard fork, which went live across 90% of network validators by Block #22156660. A hacker exploited a weakness and stole 801,601 MATIC, worth $2.04 million at today’s exchange rate.
Until recently, the network had not made any public statement about what happened during the silent fix upgrade.
“All you need to know about the recent Polygon network update.
✅A security partner discovered a vulnerability
✅Fix was immediately introduced
✅Validators upgraded the network
✅No material harm to the protocol/end-users
✅White hats were paid a bounty”
— Polygon | MATIC 💜 (@0xPolygon) December 29, 2021
According to the post, the first white-hat hacker reported a suspected exploit on December 3 to Immunefi, which hosts Polygon’s $2 million bounty program, and the report was validated.
On Dec. 4, another white hat identified another vulnerability, for which a remedy was released immediately.
Between those two points, the vulnerability was exploited to steal MATIC tokens, in the first of a sequence of transfers totaling 801,601 MATIC. Despite this, the remedy, a hard fork on Dec. 5, was able to protect a large sum of money for Polygon, since the vulnerability put more than 9.27 billion MATIC at risk, valued at $23.6 billion at press time. This also represents a significant portion of Polygon’s overall supply of 10 billion.
Polygon awarded a total of $3.46 million in bounties to two white hats who assisted in the discovery of the issue. Leon Spacewalker received $2.2 million from Polygon’s bug bounty program, while another white hat who reported the identical problem received approximately $1.26 million.