- Polygon has paid the highest bug bounty in DeFi history to a white hat hacker who exposed a dangerous vulnerability.
- The $2M was paid for drawing the attention of the network to a potential flaw that could have led to losses of up to $850M.
- DeFi has come under severe criticism regarding its security in recent months as networks scramble to beef up their protocols.
Polygon is leaving no stone unturned for the security of its network, and the latest move is the payment of a bounty reward to a white hat hacker. Potentially, $850 million has been saved thanks to the quick actions of the team.
$2 Million Bounty
Polygon has broken the record for the largest bounty reward in DeFi with the $2 million reward handed to Gerhard Wagner. The white-hat hacker discovered a bug in the Polygon Plasma Bridge that allowed bad actors to exit their burn transactions a staggering 223 times.
If left unnoticed, the bug could have been exploited, causing significant losses for the network. According to the network, an attack carried out with $100,000 could result in losses above $22 million, and a full-scale attack would endanger $850 million worth of assets. After the discovery was made, the team began fixing the issue within 30 minutes, and at press time the issue had been successfully resolved without any loss of user funds.
The bounty program is hosted by Immunefi, a security services company, and the company’s CEO Mitchell Amador was ecstatic about the discovery. “We congratulate Gerhard for his fantastic work and excellent report, and appreciate the swift response, subsequent fix, and fast payout from Polygon,” he said.
The bug was discovered in Polygon’s Plasma bridge, which is essentially a trustless channel for cross-over communication between Polygon and Ethereum. Polygon, a protocol designed to improve scalability on Ethereum, is the 21st largest project with a market capitalization of $10.5 billion.
Improved Security Efforts
Given the series of security breaches and high-profile hacks against cryptocurrencies, Polygon launched its bounty program. The program is governed by Immunefi’s classification system, which decides the severity of potential threats. Bounties start as low as $1,000 and can go as high as $2 million, depending on the size of the threat discovered. White hat hackers scour smart contracts and other code looking for vulnerabilities in the system.
Jaynti Kanani, Polygon’s cofounder, said, “We hope this bounty on Immunefi sets an example for other web 3.0 projects and attracts Giga brains from the white-hat security research community to contribute to web 3.0 and make it more resilient from future security threats.”
In August, Poly Network suffered a hack leading to the loss of $600 million worth of assets, but in a pleasant twist, the hacker returned all the assets and was rewarded with a $500,000 bug bounty.