A “critical” vulnerability that risked $24 billion in user funds was quietly patched earlier this month by developers at Polygon, a scaling framework for Ethereum—though not before one attacker was able to steal $1.8 million in Polygon’s MATIC token.
The exploit was shared by white hat hackers on bug bounty platform ImmuneFi on December 3. An upgrade was initiated within 48 hours and, in a blog post Wednesday, the Polygon team explained that they chose not to reveal the incident until it was patched.
“Considering the nature of this upgrade, it had to be executed without attracting too much attention,” they wrote.
If left unaddressed, the smart contract vulnerability would have allowed attackers to mint more than 9.2 billion MATIC tokens (from a total supply of 10 billion) from its genesis contract. But Polygon’s prompt upgrade execution meant that no user funds were lost, and the upgrade was completed without a hitch.
All you need to know about the recent Polygon network update.
✅ A security partner discovered a vulnerability
✅ Fix was immediately introduced
✅ Validators upgraded the network
✅ No material harm to the protocol/end-users
✅ White hats were paid a bounty
https://t.co/oyDkvohg33
However, the quick-fix hard fork didn't come soon enough to prevent one malicious attacker from using the exploit to steal over 800,000 MATIC (then worth around $1.8 million) before the patch was instituted—a loss that Polygon Foundation said it would cover.
The project’s co-founder Jaynti Kanani said that such a situation was bound to occur “sooner or later,” but the outcome was a testament to the network’s resilience.
“Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances,” he said. The market appears to agree, with MATIC currency trading at $2.56—up 41% over the past month.
Polygon, which aims to address some of Ethereum's major limitations—including throughput and transaction efficiency—has made major strides throughout the past year. Most recently, decentralized exchange (DEX) Uniswap announced that it would use the network for its V3 launch, sending MATIC to fresh highs.
However, the $98 billion decentralized finance (DeFi) industry has suffered a series of high-profile attacks, most of which have been focused on flash loans. Around $474 million in funds was stolen from the DeFi sector in the first six months of 2021, according to data from forensics startup CipherTrace.