Whitehat Hacker Receives the Largest Bounty for Identifying Exploits in Polygon's Codes
A Whitehat hacker, Gerhard Wagner, has received the largest bug bounty in history after he discovered a vulnerability in Polygon’s plasma bridge.
According to Immunefi, a bug bounty platform for smart contracts and DeFi projects, the identified bug would have cost the protocol as much as $850 million in losses if discovered by a knowledgeable hacker.
Immunefi said the report on the faulty codes in the plasma bridge was first reported on October 5, and the Immunefi triaging team verified the claims. The vulnerability allowed an attacker to exit their burn transaction from the bridge multiple times, up to 223 times. There was around $850M at risk. Having just $100k to launch the attack would result in $22.3M in losses! This means the DepositManager for the Plasma Bridge could be depleted with a sufficient amount.
The risk was then escalated to Polygon, who also confirmed it and promptly fixed the vulnerability. As its policy to reward such reports on faulty codes, Polygon agreed to pay its highest listed amount for such related bug bounties, and Wagner was notably paid a $2 million sum.
The potential security of decentralized finance (DeFi) protocols became a subject of debate amongst experts following a series of hacks that were reported in the past months. Back in August, Blockchain.news reported the Poly Network hack, which was credited for being the largest blockchain exploitation with over $610 million stolen. While the event behind this hack ended in the interoperable protocol’s favour as the Whitehat hacker returned all stolen funds, other projects have not been as lucky.
Despite the veracity of hacking in blockchain-related protocols surging in the past months, mainstream tech firms are also experiencing their fair share of the exploitations. Tech giant T-Mobile was also hacked for at least 6 BTC back in August, lending voice to the position that more Whitehat hackers are needed across every inch of the tech ecosystem.
Image source: Shutterstock
HackerOne User Finds Critical Bug in MakerDAO Upgrade