
With $850 Million at Risk, Polygon (MATIC) Paid Largest Bug Bounty in History

Fri, 22/10/2021 - 15:21

Polygon, a red-hot smart contracts platform and L2 decentralized finance hub, shares the details of what could have been the largest hack in DeFi history.

How to make $850 million resubmitting Polygon transactions

According to the official post-mortem released by Immunefi, a multi-product bug bounty platform, in early October 2021, white-hat hacker Gerhard Wagner submitted a bug report to Polygon (MATIC).

According to this report, a flaw in Polygon's scaling solution, Plasma, allowed an attacker to resubmit the same burn transaction multiple times. The malefactor could send the withdrawal request to Polygon again and again, up to 223 times.


To compromise the Polygon Plasma Bridge, an attacker needed only to slightly modify a technical parameter of the transaction data, i.e., the "first byte of the branch mask."

Given the aggregated amount of funds locked in the Deposit Manager Proxy of the bridge, more than $850 million of users' funds were at risk.

Largest threat, largest bounty

As such, Polygon could have been targeted by the largest attack in the history of the DeFi segment: the current "leader," Poly Network, suffered a $611 million exploit.


The Polygon team awarded the largest bug bounty bonus ever to Mr. Wagner, $2,000,000 plus the commission of the Immunefi platform. The team responded to Immunefi's report in 30 minutes and confirmed the bug.

The team stressed that no users' funds are at risk as of now, and this white-hat hack should be a lesson for DeFi apps:

No user funds were lost (...) Let's build and make web 3.0 more resilient from such future attacks.
