Polygon cited a critical vulnerability as the reason for the quiet hard fork that happened earlier this month, as we reported in our latest crypto news.
Polygon went through a hard fork earlier this month, and now, about 24 days later, the platform has justified its actions by citing a critical vulnerability that could have drained the network of MATIC. The co-founder and CEO of Polygon, Jaynti Kanani, added that they are trying to follow the silent patch policy:
“Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention.”
2/2 ..vulnerability in one of the recently verified contracts. We immediately introduced a fix and coordinated the upgrade with validators/full node operators. No funds were lost. The network is stable.
A detailed blog post coming, we are finalizing additional security analyses.
— Mihailo Bjelic 💜 (@MihailoBjelic) December 15, 2021
Further detailing the incident, Polygon cited a critical vulnerability and said a whitehat hacker named Leon SpaceWalker reported it at the beginning of December. After the report, in coordination with Immunefi, a huge bug bounty platform for DeFi projects, the team investigated blockchain activity and validated the fix, and the network hard-forked on December 5. Kanani said:
“The validator and full node communities were notified, and they rallied behind the core devs to upgrade the network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5.”
In mid-December, a few Polygon community members got frustrated and took to Twitter to comment on the update, asking the team for an explanation. Considering that Polygon ranked 14th in terms of market cap, this hard fork was really worrying for some, as one user said:
“Are we all supposed to just shut up and forget about the fact that over a week ago Polygon hard-forked their blockchain in the middle of the night with no warning to a completely closed-source genesis and still haven’t verified the code or explained what is going on?”
Polygon’s co-founder Mihailo Bjelic said that the hard fork was due to a vulnerability in one of the verified contracts but didn’t give more details. Not all of the Polygon node operators, who are responsible for running the network software, were aware of the hard fork, as some only noticed their nodes being disconnected. In the meantime, the team aimed to pay a bounty of $2.2 million in stablecoins to the whitehat hacker and another $1.2 million to WhiteHat2, who had submitted a report in December about the same vulnerability.
Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications. https://t.co/naAFRIEEfS
— Mikko Ohtamaa 🐮 (@moo9000) December 15, 2021
While the team managed to prevent what could have been the biggest exploit in DeFi history, some bad actors exploited the vulnerability before the update and made off with a portion of the funds. Polygon noted:
“Additionally, a blackhat–or a set of blackhats–managed to steal 801,601 MATIC tokens using the same exploit before the fix was implemented.”
As of now, the title of the biggest hack in DeFi history belongs to Poly Network, which lost $600 million in an exploit in August. MATIC is trading at $2.54, having dropped by 5.6% over the past day.