To fix a critical bug, Polygon launched a covert hard fork earlier in December.
A critical bug in one of Polygon’s contracts was briefly exploited for $1.6 million, according to the company’s core development team.
Polygon, an Ethereum Proof-of-Stake sidechain, revealed in early December that it had managed to fix a critical bug through a hard fork. Nonetheless, an anonymous hacker took the opportunity to steal $1.6 million in MATIC tokens before the hard fork, according to a company blog post published 24 days later, on Thursday.
Leon Spacewalker and Whitehat2, two ethical hackers affiliated with bug bounty site Immunefi, warned Polygon of a weakness at the beginning of the month. The bug was discovered in the MRC20 contract’s transfer function, primarily utilized for gasless transactions.
Once the bug was discovered, Polygon fixed it with a covert hard fork carried out side by side with all of its validators and node operators. Although the flaw was patched within a few days, the anonymous hacker was able to obtain 801,601 MATIC tokens worth north of $1.6 million.
In the aftermath, the Polygon team stated: “Despite our best efforts, a malicious hacker was able to use the exploit to steal 801,601 MATIC before the network upgrade took effect.”
In addition to the Polygon team's remarks, Immunefi said the incident could have been far worse had the bug not been reported. In that case, the hackers could have stolen $20 million worth of MATIC tokens, equivalent to 9.2 billion tokens.
Jaynti Kanani, the co-founder of Polygon, said that given the unfortunate circumstances, the team did the best job possible. Polygon rewarded the ethical hackers for their trouble with a jaw-dropping sum of $3.46 million, and it has taken responsibility for covering the loss of the stolen tokens.
Polygon went through a similar ordeal in October, when it fixed a critical bug on Plasma Bridge, which had locked funds of roughly $850 million.