White hat hacker gets $75,000 reward for detecting bug on Polygon (MATIC) | Invezz

invezz.com, 22 February 2022 07:14 UTC

Immunefi has announced that Polygon has patched a “high severity” vulnerability on the Polygon (MATIC/USD) network. The vulnerability could have caused massive losses amounting to billions of dollars.

Immunefi is a bug bounty platform that protocols use to pay cybersecurity firms and white hat hackers who detect exploitable bugs.

Polygon patches critical vulnerability

Polygon is a layer-two network running on the Ethereum network. A report from Immunefi says that the bug was detected on January 15 by Niv Yehezkel, a white hat hacker. The bug would have enabled a threat actor to infiltrate the network and launch a series of attacks. The attacker could “drain all funds from the deposit manager, engage in unlimited withdrawals, DOS [Denial-of-Service attack] and more.”

The white hat hacker has received a reward of $75,000 for reporting the vulnerability. A post on Twitter said that had this bug been exploited, it would have put billions of dollars at risk. To exploit the bug, the attacker needed to fulfil three specific requirements. However, if they did, they could withdraw all tokens from the deposit manager.

The report added,

After this consensus bypass, the attacker can send malicious checkpoints that fake a withdrawal of tokens from Polygon that basically drains all tokens from the deposit manager, claiming all heimdall fees stored and more.

The chief technology officer at Immunefi, Duncan Townsend, said that the bug did not put the money at risk because it could not be exploited. Townsend also said that the reward was a “generous” offer.

Polygon is one of the largest blockchain networks in the market, with more than $4.17 billion in total value locked (TVL). Polygon has grown significantly, and it now supports some of the leading layer 2 projects such as Arbitrum and Optimism. The network secured $450M in a funding round led by the Sequoia venture capital firm.

Vulnerabilities on Polygon

The Polygon network has suffered from several security breaches in the past. In December, an attacker managed to steal $1.6 million worth of MATIC tokens due to a major bug. The network avoided further losses of $20 billion by patching the bug.

In October, Polygon patched another bug that could have led to losses of around $850 million.
