A Hacker Takes Advantage of a Vulnerability to Steal 801,601 MATIC Tokens From Polygon

The Polygon network, which is home to the popular MATIC token, has reported that an attacker used its platform to steal cash. It is the latest in a long line of platforms to reveal that they have been the target of hacking incidents in which hackers were able to steal tokens. The attack on Polygon demonstrates that even the most secure and popular networks may be compromised by hackers.

In a blog post on its website, the Polygon team verified the vulnerability and the subsequent attack used to steal the tokens. The team said that it was aware of the vulnerability, which was brought to its notice by a white hat hacker as part of the bug bounty programme it had established with partner Immunefi, and that it had leapt into action to address it.

However, before the suggested patch for node operators could be fully implemented, a hacker exploited the same vulnerability to steal tokens. The hacker was able to steal hundreds of thousands of MATIC tokens, 801,601 to be exact, valued at more than $2 million at the time of writing. The Polygon Foundation verified that network users were protected and that it would cover the theft’s costs.

Identifying and Correcting The Vulnerability

Concerns had been raised within the Polygon community after an unexpected hard fork on December 5th. Community members were left perplexed by the introduction of an unexpected yet significant upgrade. As it turned out, Polygon had been hacked and would keep this information under wraps for over a month.

Polygon acknowledged in the release that it had resolved the vulnerability after a coordinated effort by the Polygon team, Immunefi, and two white hat hackers who gave insight on the problem at different times.

The December 5th update took effect, and Polygon said that it assisted in resolving the problem. “The validator and full node communities were contacted, and they rallied behind the core developers to update 80% of the network without interruption within 24 hours,” the statement added.

Both white hat hackers who assisted in the discovery of the problem received a combined compensation of $3.46 million under the bug bounty programme. As for Polygon, it emerged victorious from what Duncan Townsend, Immunefi’s chief technology officer, described as a “huge tragedy.”

