Polygon Justifies Its Quiet Hard-Fork Citing ‘Critical Vulnerability’

Author: Ruholamin Haqshanas

Earlier this month, the popular Ethereum (ETH) layer-2 solution Polygon (MATIC) carried out a hard-fork, silently and with no official explanation. Now, exactly 24 days later, it has justified its actions in a postmortem, citing a critical vulnerability that could have drained the network of MATIC 9.3bn (USD 23.56bn at current rates).

“Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention,” said Jaynti Kanani, co-founder and CEO of Polygon, adding that they are trying to follow the “silent patches” policy.

Detailing the incident further, the Polygon team said that a whitehat hacker named Leon Spacewalker reported the vulnerability on December 3. Following the report, in coordination with Immunefi, a major bug bounty platform for decentralized finance (DeFi) projects, the team investigated blockchain activity, validated a fix, and hard-forked on December 5.

“The validator and full node communities were notified, and they rallied behind the core devs to upgrade the network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5,” Kanani said.

In mid-December, several Polygon community members took to Twitter to express their frustration and bewilderment about the update, asking the team for some explanation. Considering that Polygon, currently ranked 14 in terms of market capitalization, is not an obscure crypto project, the sudden hard fork was worrying to some.

“Are we all supposed to just shut up and forget about the fact that over a week ago Polygon hard-forked their blockchain in the middle of the night with no warning to a completely closed-source genesis and still haven’t verified the code or explained what is going on?,” one user said.

In response, ostensibly for the first time, Polygon co-founder Mihailo Bjelic said that the unscheduled hard-fork was due to “a vulnerability in one of the recently verified contracts,” disclosing no further details.

Apparently, not all of the Polygon node operators, who are responsible for running the network software, were aware of the hard-fork, as some allegedly woke up to find their nodes disconnected.

Meanwhile, the team aims to pay out a bounty of USD 2.2m in stablecoins to the whitehat Spacewalker, and another MATIC 500,000 (USD 1.2m) to “Whitehat2,” who had “submitted a report on December 4 referencing the same vulnerability.”

While the team managed to prevent what could have been the largest exploit in DeFi history, some bad actors exploited the vulnerability prior to the update and ran away with a portion of user funds.

“Additionally, a blackhat–or a set of blackhats–managed to steal 801,601 MATIC tokens using the same exploit before the fix was implemented,” Polygon said. This is currently worth over USD 2m. 

As of now, the title of the largest hack in DeFi history belongs to Poly Network, which lost over USD 600m in an exploit back in August.

At 8:33 UTC Wednesday morning, MATIC is trading at USD 2.54, down by 5.6% over the past 24 hours. The coin is up by 54% in a month and by 13,285% in a year, according to CoinGecko.
