Polygon, a Layer 2 scaling network for the Ethereum blockchain, has fixed a bug that put its MATIC token at risk. However, a hacker was able to steal US$2.04 million in MATIC.
The company says a couple of white hat hackers notified Immunefi, which run’s Polygon’s bug bounty program. The upgrade happened on Dec. 5 at block #22156660. All Polygon contracts and node implementations remain fully open source. Polygon paid a total of about US$3.46 million as bounty to two white hats who helped discover the bug.
Polygon co-founder Jaynti Kanani:
All projects that achieve any measure of success sooner or later find themselves in this situation. What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.
Polygon says it follows the “silent patches” policy from the Go Ethereum team. Due to the seriousness of the flaw, the developers strike a balance between secrecy and transparency.