Date: 2021-10-23

The guys behind Polygon have paid a record $2 million reward to a hacker who managed to discover a critical vulnerability. Polygon managed to avoid the loss of up to $850 million, and the vulnerability was fixed in 30 minutes. No user lost anything.

Polygon, the scalability solution for Ethereum, avoided an $850 million hack and paid a record $2 million reward to a “white hat” hacker who identified a vulnerability that could have jeopardized around $850 million of capital.

According to the bug bounty and security services platform Immunefi, which hosts Polygon’s bounty program, this is one of the highest bounties ever paid out in the decentralized finance world.

Gerhard Wagner found this vulnerability in the Polygon Plasma Bridge on October 5; it allowed an attacker to exit his recording transaction from the bridge several times, up to 223 times.

The Polygon Plasma Bridge is a trustless transaction channel that guarantees communication between the Polygon and Ethereum networks, allowing users to move their tokens between both chains.

From what we can see, an attacker with only $100,000 to start an attack could have caused losses of $22.3 million, or a combined total of $850 million over a series of full attacks. So Polygon avoided an $850 million hack that would have been a complete disaster.

It took only 30 minutes to fix the problem after the hacker submitted his investigation. It was solved quickly and effectively, without the loss of funds from any user.

Mitchell Amador, Founder and CEO of Immunefi, commented: “We congratulate Gerhard for his excellent work and fantastic report; we also appreciate Polygon’s quick response and correctness.”

The Polygon Rewards Program

Polygon launched its rewards program through Immunefi in September when the team was looking for potential security flaws.

The bounty program is basically an open invitation for white hat hackers to find vulnerabilities in smart contracts and decentralized applications. Investigations are rewarded financially, and the amount depends on the severity of the vulnerability, as indicated by the Immunefi vulnerability severity rating system.