Polygon did an excellent job of keeping the issue under wraps for about a month. Once things began to calm down and its security engineers signaled that the jig was up, the protocol went on to provide what might be considered a post-crisis assessment.
Polygon discreetly delivered an upgrade to its network, which included a critical patch for all of its nodes and validators.
In an article explaining the event, the Polygon team said that the vulnerability was first disclosed by two whitehat hackers over two days, from December 3 to December 4, 2021. During this time, the two whitehat hackers worked with Immunefi, a blockchain security and bug bounty hosting service, to disclose the serious vulnerability discovered in Polygon’s proof-of-stake Genesis contract.
According to the post-incident analysis, about 9.27 billion $MATIC, Polygon’s native token, were at risk. With a total supply of 10 billion MATIC, this put around 92 percent of the network at significant risk. Luckily, Polygon’s network of nodes and key developers collaborated to prevent another dark forest incident.
Despite these precautions, malicious actors were able to steal 801,601 MATIC from the network before it was fixed. At the time, the stolen tokens were worth about $2 million. Since then, the Polygon Foundation has committed to “pay the expense of the heist.”
Polygon reported that the fix was implemented later, with the problem resolved at block 22,156,660 via an “Emergency Bor Upgrade” to the Polygon mainnet. This occurred on December 5, 2021, at 7:27 a.m. UTC.
According to Polygon, the problem was not disclosed publicly and was handled quietly because the team was following a policy established by the Go Ethereum team in November 2020. Under this policy, known as “silent patches,” protocol developers comment on critical infrastructure changes 4-8 weeks after an event happens and a fix is issued. This helps the protocol avoid being “sniped” or abused while the fix is being applied.
The vulnerability report and the collaboration with Immunefi were initiated by whitehat hacker “Leon Spacewalker,” while the other hacker, known as “Whitehat2,” followed up and corroborated the original findings. Both Immunefi and Polygon will compensate the two whitehats, with Leon Spacewalker earning $2.2 million in stablecoins and Whitehat2 receiving 500,000 MATIC, or around $1.2 million.