A Hacker Stole $1.6M After Exploiting a Polygon Bug

THELOGICALINDIAN - Polygon deployed a stealth hard fork earlier this month to patch a critical bug

The core development team behind Polygon has revealed that a critical bug in one of its contracts was briefly exploited for $1.6 million.

Polygon Was Secretly Hardforked to Patch Critical Bug

Polygon, a Proof-of-Stake sidechain on Ethereum, has announced that a critical bug on the network was fixed via a hard fork on Dec. 5. Before the hard fork, an unknown hacker stole $1.6 million in MATIC tokens, the team revealed in a Thursday blog post, 24 days after the event.

In the first week of December, Leon Spacewalker and Whitehat2, two ethical hackers associated with bug bounty platform Immunefi, notified Polygon of a vulnerability. The bug was found in the transfer function of its MRC20 contract, which is used for gasless transactions on the network.

After the bug was reported, Polygon patched it with a stealth hard fork, working alongside all of its validators and node operators. Even though the vulnerability was fixed within a few days, this could not stop an unknown black hat hacker from stealing 801,601 MATIC tokens worth $1.6 million at the time. In a post-mortem, the team reported:

“Despite our best efforts, a malicious hacker was able to use the exploit to steal 801,601 MATIC before the network upgrade took effect.”

The situation could have been far worse had this been delayed further. Immunefi, which assisted Polygon in deploying the fix, stated in a separate blog post that if the Polygon bug had not been reported, malicious hackers could have drained almost 9.2 billion MATIC tokens valued at about $20 billion at the time.

Commenting on the steps taken by the team to patch the vulnerability, Polygon co-founder Jaynti Kanani said the team “made the best decisions possible given the circumstances.”

Polygon has paid bounty rewards of about $3.46 million to the ethical hackers who reported the bug. In addition, the team said it will bear the cost of the stolen MATIC tokens.

This was not the first time that a critical bug was discovered and patched on Polygon. In October 2021, Polygon patched a critical bug on its Plasma Bridge that had $850 million in locked funds.

Polygon did not clarify why the hack was not made public for 24 days. Representatives from the project did not respond to Crypto Briefing’s requests for comment at press time.