- This might have been a lot worse if this had been put off any longer.
- After discovering the flaw, Polygon used a stealth hard fork.
According to Polygon, an Ethereum sidechain specializing in Proof-of-Stake, on December 5, a significant flaw in the network was addressed by a hard fork. In a Thursday blog post, 24 days after the hard fork, the MATIC team disclosed that an anonymous hacker had stolen $1.6 million in MATIC tokens.
Two ethical hackers affiliated with bug bounty platform Immunefi, Leon Spacewalker and Whitehat2, alerted Polygon to a vulnerability in the first week of December. It was determined that a problem had been discovered in its MRC20 contract for gasless transactions.
Black Hat Hacker
After discovering the flaw, Polygon used a stealth hard fork that worked with all of its validators and node operators to correct it. Despite the vulnerability being quickly patched, an unnamed black hat hacker nevertheless managed to make off with 801,601 MATIC tokens, which were then worth $1.6 million.
The team reported:
“Despite our best efforts, a malicious hacker was able to use the exploit to steal 801,601 MATIC before the network upgrade took effect.”
This might have been a lot worse if this had been put off any longer. Malicious hackers might have stolen around $20 billion worth of MATIC tokens if the Polygon problem hadn’t been disclosed, according to Immunefi, which worked with Polygon to install the patch.
This wasn’t the first time a severe flaw in Polygon’s software had been uncovered and fixed. As of October 2021, a significant flaw in Polygon’s Plasma Bridge was addressed with $850 million of locked assets.
