Bugs and vulnerabilities are part of a blockchain network. Polygon has revealed how he dodged a bullet after detecting a vulnerability, patching, upgrading the network, paying hackers a bounty, all with a silent patch.
Polygon’s Silent Patch
According to the latest blog post by the team, it all started when two whitehat hackers informed the bug bounty platform, Immunefi of an issue in the Polygon PoS genesis contract on December 3rd. The vulnerability in question could have enabled malicious entities to siphon off over 9.2 billion MATIC tokens (worth approximately $24 billion) out of MATIC’s total supply of 10 billion.
Following this, the Polygon core team partnered with hackers, as well as Immunefi, to introduce a fix by upgrading 80% of the network within 24 hours without stopping.
Even as the bug was fixed at block 22,156,660 on December 5th, without impacting the network in any way, an attacker was able to steal 801,601 MATIC right before the upgrade was carried out. The foundation stated that it will bear the cost of the theft.
In addition, Polygon donated a generous sum of approximately $ 3.46 million as a bonus to the two White Hats.
The foundation also revealed that the bug was fixed without notifying the community as it follows a “silent patches” policy. Interestingly, this policy was established by the Go Ethereum team, known as Geth, last year.
While speaking about how Polygon managed to avoid large-scale damage, Immunefi CTO Duncan Townsend said:
“The Polygon team’s response to this disclosure was swift and effective. That this incident had a happy ending is a testament to their expertise. Tight coordination with the Polygon validators helped avert what could’ve been a major disaster.”
A disturbing trend
The year was marked by big changes for the blockchain and the cryptocurrency industry. He managed to attract a good chunk of the attackers along the way, causing significant financial damage. Age-old risks are always true – where there is money, malicious entities will try to steal it.
According to the recent stats, attackers managed to get away with over $4 billion worth of cryptocurrencies this year, nearly 3x compared to 2020. DeFi protocols alone accounted for $1.4 billion of the total crypto funds lost.
