The Polygon Network team revealed that they had patched a major security vulnerability in a recent network upgrade. The team was informed of the exploit via white hat hackers and the ImmuneFi bug bounty program.
The team at Polygon Network has revealed that, through a recent network upgrade, it patched a major exploit that would have affected nine billion MATIC tokens. Published on Dec 29, the blog post describes how the bug bounty platform ImmuneFi worked with Polygon’s core development team to address the issue.
Polygon discloses major bug patch
The upgrade took place without an announcement on Dec 5. To keep the critical network vulnerability a secret so that it wouldn’t be exploited, the team made no mention of an upgrade. The upgrade itself caused no issues with the network and no user was affected after the whole incident.
Polygon’s co-founder Jaynti Kanani was happy with how the team managed the situation, saying that such a scenario was inevitable for all projects:
All projects that achieve any measure of success sooner or later find themselves in this situation. What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.
A white-hat hacker first submitted a report on the exploit to ImmuneFi, which has a $2 million bug bounty program. The team swiftly began looking at fixes once they learned of the vulnerability, and it took two days to fix the matter.
The Polygon team paid $3.46 million in bounties to two white hat hackers who helped discover the bug. One attacker did manage to steal 801,601 MATIC before the patch, but the Polygon foundation will bear that expense.
Exploits still a major threat for DeFi
The Polygon team is fortunate that they were informed of the vulnerability and not too much damage was done through the exploit. The DeFi market in particular has been subject to a number of attacks this year, as it hosts a lot of money. Most of these were flash loan exploits, which remain one of the most popular approaches by malicious attackers.
Cream Finance, for example, suffered three flash loan attacks this year, losing $130 million in the last attack which took place in late October 2021. Between January and July 2021, the DeFi market lost a total of roughly $474 million, according to a report from cryptocurrency intelligence firm CipherTrade.
An exploit of Polygon would have likely sent shockwaves through the crypto world, as it is a celebrated project which has made great inroads over the past year. The project has done well on all fronts, most recently having Uniswap V3 launch on its network.