Hacker Exploits Vulnerability To Steal 801,601 MATIC Tokens From Polygon


The Polygon network, home to the popular MATIC token, has announced that an attacker exploited its platform to steal funds. It is the latest in a long line of platforms to announce that they have fallen victim to attacks in which a hacker made off with tokens. The hack on Polygon shows that even some of the most secure and popular networks can end up exploited by hackers.

Yes, Polygon Was Hacked

In a blog post on its website, the Polygon team confirmed the vulnerability and the subsequent attack that exploited it to steal the tokens. It explained that it was already aware of the vulnerability, which a white hat hacker had brought to its attention through the bug bounty program it had set up with partner Immunefi, and that it had swung into action to fix it.

However, before the recommended upgrade, which was provided to node operators, could go into full effect, a hacker managed to exploit the same vulnerability to steal tokens. In a series of transactions, the hacker was able to remove hundreds of thousands of MATIC tokens, 801,601 to be precise, worth over $2 million going by the value of the token at the time of writing.

The Polygon Foundation confirmed that users of the network were safe and it would bear the cost of the theft.

Fixing The Vulnerability

Concerns arose among the Polygon community when, on December 5th, there was an impromptu hard fork. The release of an unannounced but important update had community members questioning the reason for it. As it turns out, Polygon had actually fallen victim to a hack and kept this information close to its chest until almost a month after.

In the announcement, Polygon confirmed that they had gotten the vulnerability under control through a concerted effort between the Polygon team, Immunefi, and two white hat hackers who shed light on the issue at various points.

The upgrade that was pushed out on December 5th went into effect and Polygon explained that this had helped fix the issue. “The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stoppage,” the statement read.

Both white hat hackers who helped discover the bug were compensated a combined total of $3.46 million as part of the bug bounty program. As for Polygon, it came away with a happy ending from what Duncan Townsend, Immunefi’s CTO, said “could’ve been a major disaster.”

