Polygon (MATIC) Fixes Security Flaw With Whitehat’s Help
• February 22, 2022 2:58 pm • CommentsThe popular proof-of-stake ecosystem, Polygon, recently fixed a security flaw that was considered a high severity problem that could have caused the sidechain to lose billions of dollars.
The flaw was a “consensus bypass” flaw that was discovered by a whitehat that had pointed out the system vulnerability and realized that this could be used to drain funds and make unlimited withdrawals.
As a result, the company rewarded whitehat Niv Yehezkel with a reward of $75,000 and has put the community on alert about any other possible vulnerabilities.
Yehezkel once again confirmed the severity of the issue on Twitter mentioning that the flaw could have cost billions of dollars in fraudulent transactions.
Whitehat Hacker Rewarded $75,000 for Saving User Funds
Sentiment: Positive
After over a month, Immunefi has released the inquest into the bug that was identified by a white hat hacker on the Polygon…
Brief: https://t.co/RVYb81nqMjhttps://t.co/k5q9SGfYI2
— BrieflyRekt (@BrieflyRekt) February 22, 2022
IBtimes reports:
The vulnerability, first identified by whitehat Niv Yehezkel on Jan. 15, would have allowed an attacker to bypass the network’s consensus threshold and “drain all funds from the deposit manager, engage in unlimited withdrawals, DoS [Denial-of-Service] attack, and more,” according to the Immunefi bug fix report published on Monday.
If not detected earlier, an attacker could exploit the system’s weak spot and withdraw all the tokens from the network’s deposit manager.
“After this consensus bypass, the attacker can send malicious checkpoints that fake a withdrawal of tokens from Polygon that drains all tokens from the deposit manager, claiming all Heimdall fees stored and more,” the report said.
According to Defi Llama statistics, Polygon has approximately $4.17 billion in total value locked up across its DeFi ecosystem.
It is Ethereum’s most popular sidechain, with a higher value than Layer 2 networks such as Arbitrum and Optimism.
Polygon had recently gathered a lot of investor interest when it was able to achieve a $450 million investment round that was led by well known venture capital firm Sequoia.
This was not the first time that Polygon had experienced security flaws that could have affected the users and its ecosystem.
In the past, there was a $850 million exploit that was discovered back in October making it fairly recent where it rewarded the whitehat who discovered it $2 million.
A hacker had also previously stolen $1.6 million in MATIC tokens in the month of December.
All the incidents indicate that as a blockchain continues to gather more interest and starts to grow, it will also be a target of many hackers.
Although a concern for some investors as this could affect the future growth of a chain, other investors consider it a growing pain that all blockchains will inevitably experience as they grow.
Polygon Whitehat Rewarded $75,000 for Saving Billions in User Funds https://t.co/9QxcFyXr7M
— Dalvir (@CryptoDalvir) February 22, 2022
BeInCrypto reports:
White hat Hackers have been playing their own part in safeguarding the nascent cryptocurrency ecosystem for potential exploits.
Last week, Coinbase paid its “largest-ever bug bounty” of $250,000 to Tree of Alpha, a hacker that found a flaw in the platform’s advanced trading feature.
Moreover, after the Poly Network hacker returned the assets in “good faith”, the team offered a reward of $500,000 and a position as the platform’s “Chief Security Advisor.”
As part of the efforts to protect investor funds, Immunefi prides itself as being Web 3’s leading bug bounty platform.
According to its website, it has paid over $10 million as a reward and has averted potential losses of over $20 billion since its launch.
At the time of writing, Polygon (MATIC) has a total market cap of $11.6 billion and is currently ranked the 16th largest coin which indicates significant growth compared to what it was a couple years ago.
Join the conversation!
We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.