Polygon Justifies Its Quiet Hard-Fork Citing ‘Critical Vulnerability’



Earlier this month, the popular Ethereum (ETH) layer-2 solution Polygon (MATIC) carried out a hard-fork, albeit in silence and with no official clarification. Now, precisely 24 days later, it justified its actions in a postmortem, citing a critical vulnerability that would have drained the network of MATIC 9.3bn (USD 23.56bn at current prices).

“Considering the character of this upgrade, it needed to be executed without disclosing the precise vulnerability and without attracting an excessive amount of consideration,” said Jaynti Kanani, co-founder and CEO of Polygon, adding that they are trying to follow the “silent patches” policy.

Further detailing the incident, the Polygon team said that a whitehat hacker named Leon Spacewalker reported the vulnerability on December 3. Following the report, in coordination with Immunefi, a major bug bounty platform for decentralized finance (DeFi) projects, the team investigated blockchain activity, validated a fix, and hard-forked on December 5.

“The validator and full node communities had been notified, and they rallied behind the core devs to improve the community. The upgrade was executed inside 24 hours, at block #22156660, on Dec. 5,” Kanani said.

In mid-December, several Polygon community members took to Twitter to express their frustration and bewilderment about the update, asking the team for some clarification. Considering that Polygon, currently ranked 14 in terms of market capitalization, is not an obscure crypto project, the sudden hard-fork was worrying to some.

“Are all of us supposed to only shut up and forget about the truth that over a week ago Polygon hard-forked their blockchain in the midst of the evening with no warning to a very closed-source genesis and nonetheless have not verified the code or defined what’s going on?” one user said.

In response, ostensibly for the first time, Polygon co-founder Mihailo Bjelic said that the unscheduled hard-fork was due to “a vulnerability in one of many lately verified contracts,” disclosing no further details.

Apparently, not all of the Polygon node operators, who are responsible for running the network software, were aware of the hard-fork, as some allegedly woke up to their nodes disconnected.

Meanwhile, the team aims to pay out a bounty of USD 2.2m in stablecoins to the whitehat Spacewalker, and another MATIC 500,000 (USD 1.2m) to “Whitehat2,” who had “submitted a report on December 4 referencing the identical vulnerability.”

While the team managed to prevent what could have been the biggest exploit in DeFi history, some bad actors exploited the vulnerability prior to the update and ran away with a portion of user funds.

“Additionally, a blackhat–or a set of blackhats–managed to steal 801,601 MATIC tokens utilizing the identical exploit earlier than the repair was applied,” Polygon said. This is currently worth over USD 2m.

As of now, the title of the biggest hack in DeFi history belongs to Poly Network, which lost over USD 600m in an exploit back in August.

At 8:33 UTC Wednesday morning, MATIC is trading at USD 2.54, down by 5.6% over the past 24 hours. The coin is up by 54% in a month and by 13,285% in a year, according to CoinGecko.



About the Author: Daniel