Whitehat Leon Spacewalker presented the Polygon development team with an attack scenario that might have resulted in the loss of $23.2 billion in MATIC tokens. The flaw has since been rectified.
Polygon, an Ethereum-based layer-two scaling network, discreetly patched a significant flaw earlier this month that put over $24 billion worth of its native token, MATIC, at risk.
Attackers could have stolen all 9,276,584,332 MATIC, worth about $23.2 billion at the time of writing, because the transfer function of Polygon’s MRC20 contract lacked a balance/allowance check.
In a blog post published on Wednesday, the Polygon team explained why they chose not to publicise the incident until a network upgrade that corrected the vulnerability had been implemented.
“Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances,” said Polygon co-founder Jaynti Kanani.
Polygon acted quickly to resolve the bug after receiving the notification from Leon Spacewalker. Immunefi claims to have aided in investigating blockchain activity, validating the fix, and advising on the hard fork.
The bug was fixed at block 22,156,660 via an “Emergency Bor Upgrade” to the mainnet on December 5 at around 7:27 a.m. UTC, according to Polygon.
However, before the bug was fixed, a “malicious hacker” stole 801,601 MATIC ($2.04 million), according to the network. According to the blog post:
“The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stoppage.”
A succession of high-profile attacks has hit the decentralized finance (DeFi) industry. According to an attack scenario described by Neodyme crypto security specialists, DeFi protocols in the Solana (SOL) ecosystem might lose $2.6 billion.