A “critical” vulnerability that risked $24 billion in user funds was quietly patched earlier this month by developers at Polygon, a scaling framework for Ethereum—though not before one attacker was able to steal $1.8 million in Polygon’s MATIC token.

The exploit was shared by white hat hackers on bug bounty platform ImmuneFi on December 3. An upgrade was initiated within 48 hours and, in a blog post Wednesday, the Polygon team explained that they chose not to reveal the incident until it was patched.

“Considering the nature of this upgrade, it had to be executed without attracting too much attention,” they wrote.

If left unaddressed, the smart contract vulnerability would have allowed attackers to mint more than 9.2 billion MATIC tokens (out of a total supply of 10 billion) from the network's genesis contract. Because Polygon executed the upgrade promptly, no further user funds were lost, and the upgrade itself went through without a hitch.

$2 million in MATIC stolen

However, the quick-fix hard fork didn't come soon enough to prevent one malicious attacker from using the exploit to steal over 800,000 MATIC (then worth around $1.8 million) before the patch was in place, a loss that the Polygon Foundation said it would cover.

The project’s…
