The update carried out on December 5 was aimed at closing the security flaw. Polygon thanked the white hat hackers who reported the vulnerability, although that did not stop malicious actors from exploiting the flaw to steal more than 801,500 MATIC.
Recently published reports indicate that Polygon, the protocol that offers scalability solutions for the Ethereum network, was exposed to a possible security breach that put all currently issued MATIC tokens at risk, which is why it had to perform a major update (hard fork) earlier this month.
The error present in the Polygon protocol
The critical vulnerability was present in Polygon's genesis contract, which handles everything associated with the Proof-of-Stake (PoS) algorithm under which the network operates. According to the reports, the flaw may have allowed attackers to steal more than 9.2 billion MATIC tokens, a figure close to the total number of tokens currently in circulation.
The person who brought this vulnerability to light was the white hat hacker known as Leon Spacewalker, who reported it through the bug bounty platform Immunefi. After verifying the reports, those responsible for the platform contacted the Polygon team that same day; the vulnerability was confirmed and the update in question was planned.
Although the team moved quickly and was able to test the corresponding update on its Mumbai testnet, unfortunately an unknown actor exploited the vulnerability before the update was rolled out on the mainnet and stole more than 801,500 MATIC. In response, the Polygon team reassured users that it would cover the losses, so that no network operator would be affected.
After this event, another white hat hacker reported the vulnerability to the Immunefi team, which showed that more and more people were becoming aware of it. The Polygon team finally closed the gap with the update made on December 5.
Informing the community
The Polygon team revealed all the details of this case today, although rumors about what had happened had previously circulated on social networks. Critics highlighted the haste and secrecy with which the situation was handled, without the community being properly notified.
In this regard, Polygon co-founder Mihailo Bjelic confirmed the rumors about the vulnerability and added:
“Now we are investing much more in security and we are making an effort to improve security practices in all Polygon projects”
For its part, the Polygon team indicated that the situation was handled this way in line with its policy of “silent patches”:
“Overall, the development team struck the best possible balance between openness and doing what is best for the community, partners and the wider ecosystem, in handling this extremely urgent and sensitive issue. But everyone can make their own judgment about what happened.”
The Polygon team thanked Spacewalker and the other hacker for reporting the issue, and awarded them bounties of USD $2.2 million and USD $1.27 million respectively, in MATIC tokens.
Version by Angel Di Matteo / Daily bitcoin