Hacker helps Polygon save $24 billion, gets $2.2 million as reward

A hacker has helped Ethereum based layer 2 blockchain scaling solutions provider Polygon avert a disaster potentially worth $24.2 billion on December 3, the company said in a statement. He was then rewarded with about $2.2 million in stablecoins by Polygon.   

The hacker, who goes by the name of Leon Spacewalker on social media platforms Twitter and GitHub, revealed a critical layer in a smart contract, which held about $24.2 Billion Matic tokens, as of December 3. Their current worth is around $9 billion.   

The problem was rooted in a critical vulnerability in Polygon’s proof-of-state genesis contract.    

The vulnerability was first reported on the bug bounty platform called Immunefi, a 3D bug bounty program, after Spacewalker discovered the bug and informed Polygon, the company confirmed the vulnerability, and went on to updated its Mumbai testnet.  

The company confirmed that the security hole was taken care of by December 5.   

However, Polygon were unable to avoid losing about 801,601 Matic coins, which are currently estimated to be worth more than $2 billion.   

“That this incident had a happy ending is a testament to their expertise. Tight coordination with the Polygon validators helped avert what could’ve been a major disaster,” said Immunefi’s Dunchan, the Chief Technology Officer of the company.   

On December 5, Polygon’s co-founder Mihalo Bjelic said that his company was “investing much more in security and they are making an effort to improve security practices across all Polygon projects. The complete details, however, were not released to the public post on December 29. Polygon’s usual bug bounty program is hosted at $2 million, however, an expectation was made for the White Hat hacker.   

Going into the technicalities, the upgrade to fix the issue was executed on December 5, however, CoinSwitch claimed that the change did not impact the performance of the network “In a major way”.