Polygon Swerves $850M Hack on Ethereum Bridge
The bug could have resulted in $850 million worth of losses.
- Polygon has patched a critical bug on its Plasma Bridge.
- The vulnerability put $850 million at risk, though the issue was resolved before any funds were lost.
- Polygon has paid a record $2 million bounty to the hacker who spotted the issue.
Polygon has patched a critical vulnerability that affected its Plasma Bridge.
Polygon Pays $2 Million Bounty
Ethereum sidechain Polygon has patched a critical bug on its Plasma Bridge contract.
A postmortem report from the bug bounty platform Immunefi revealed that it had discovered the issue and it was patched before any hack or funds were lost.
Polygon is the largest sidechain network on Ethereum. It operates the Plasma Bridge, a two-way token gateway that lets users transfer assets from Ethereum mainnet to Polygon and withdraw them back on Ethereum.
Polygon’s Plasma Bridge has a security exit mechanism that involves burning tokens that have been requested to be withdrawn to mainnet. On Oct. 5, the whitehat hacker Gerhard Wagner found a security vulnerability that could let malicious hackers bypass the bridge’s exit mechanism.
The main vulnerability affected WithdrawManager, a specific function in the bridge contract that authenticates burn transactions in previous blocks for withdrawing assets back to Ethereum.
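As an added illustration (this is not Polygon's code and not a reconstruction of the reported bug), the following Python model shows the exit flow the article describes: tokens are burned on the sidechain, the sidechain's block of burns is checkpointed to mainnet as a Merkle root, and a WithdrawManager-style component only releases locked funds for a burn it can verify against that checkpoint and that has not already been exited. The Burn and WithdrawManager names, the SHA-256 Merkle tree (the real bridge uses Ethereum's own proof formats) and the checkpoint call are simplifications assumed for the example.

```python
import hashlib
from dataclasses import dataclass


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Burn:
    """A burn record on the sidechain (constructed, simplified)."""
    owner: str
    token: str
    amount: int
    nonce: int

    def leaf(self) -> bytes:
        return _h(f"{self.owner}|{self.token}|{self.amount}|{self.nonce}".encode())


def merkle_root(leaves: list[bytes]) -> bytes:
    """Root of a binary Merkle tree; an odd level duplicates its last node."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def merkle_proof(leaves: list[bytes], index: int) -> list[tuple[bytes, bool]]:
    """Sibling path for leaves[index]; each entry is (sibling, sibling_is_left)."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        proof.append((level[index ^ 1], index % 2 == 1))
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return proof


def verify_proof(leaf: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    node = leaf
    for sibling, sibling_is_left in proof:
        node = _h(sibling + node) if sibling_is_left else _h(node + sibling)
    return node == root


class WithdrawManager:
    """Mainnet side of the bridge: releases locked tokens for proven, unused burns."""

    def __init__(self, locked: dict[str, int]):
        self.locked = dict(locked)      # token -> amount held in the bridge on mainnet
        self.checkpoints = {}           # sidechain block number -> Merkle root of burns
        self.exited = set()             # burn leaves that have already been exited
        self.withdrawn = []             # (owner, token, amount) released so far

    def submit_checkpoint(self, block_no: int, root: bytes) -> None:
        self.checkpoints[block_no] = root

    def process_exit(self, burn: Burn, block_no: int, proof) -> str:
        root = self.checkpoints.get(block_no)
        if root is None:
            return "rejected: block not checkpointed"
        leaf = burn.leaf()
        if not verify_proof(leaf, proof, root):
            return "rejected: burn not included in block"
        if leaf in self.exited:                      # replay protection
            return "rejected: burn already exited"
        if self.locked.get(burn.token, 0) < burn.amount:
            return "rejected: insufficient locked funds"
        self.exited.add(leaf)
        self.locked[burn.token] -= burn.amount
        self.withdrawn.append((burn.owner, burn.token, burn.amount))
        return "ok"


def run_scenario():
    """Constructed scenario: 100 TOKEN locked on mainnet, three burns in sidechain block 7."""
    wm = WithdrawManager({"TOKEN": 100})
    burns = [Burn("alice", "TOKEN", 40, 1), Burn("bob", "TOKEN", 10, 2), Burn("carol", "TOKEN", 5, 3)]
    leaves = [b.leaf() for b in burns]
    wm.submit_checkpoint(7, merkle_root(leaves))
    alice_proof, bob_proof = merkle_proof(leaves, 0), merkle_proof(leaves, 1)
    results = [
        wm.process_exit(burns[0], 7, alice_proof),                   # valid exit
        wm.process_exit(burns[0], 7, alice_proof),                   # same burn replayed
        wm.process_exit(Burn("alice", "TOKEN", 40, 99), 7, alice_proof),  # burn never made on the sidechain
        wm.process_exit(burns[1], 7, bob_proof),                     # second valid exit
    ]
    return results, wm.locked["TOKEN"]


if __name__ == "__main__":
    for line in run_scenario()[0]:
        print(line)
```

The two checks a bridge exit must pass here, inclusion in a checkpointed block and single use of each burn, are the properties a WithdrawManager-style component exists to enforce; any way of getting a burn accepted twice, or a burn accepted that never happened, is equivalent to withdrawing funds that were never deposited.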
No user funds were lost
Thank you @g3rh4rdw4gn3r for responsibly disclosing the bug, and @immunefi for facilitating the bug bounty of $2,000,000
👷‍♀️ Let's build and make web 3.0 more resilient from such future attacks.
You can read the detailed postmortem of the exploit here 👇 https://t.co/svhfo2cewS
— Polygon 💚 (@0xPolygon) October 21, 2021
Wagner reported the vulnerability to Immunefi, which then notified Polygon. Per the Immunefi postmortem, the Polygon team “immediately began fixing the underlying issue” and it was safely patched soon after. The bug was reportedly severe enough that it could have allowed hackers to drain the entire value locked on Plasma Bridge, which was around $850 million at the time.
The Polygon team has rewarded Wagner with $2 million, the highest bounty paid in the crypto space to date.
In a statement shared with Crypto Briefing, Polygon co-founder Jaynti Kanani said that security should not be an afterthought when building Web 3. Commenting on the issue, Kanani added that Immunefi had helped the Polygon team “connect with security researchers to make the Polygon Proof-of-Stake network more resilient.”
The incident serves as a reminder of the security issues with interoperability bridges. As a variety of Layer 1 blockchains have seen explosive growth, bridges have soared in popularity. However, many bridges have major security issues, which has led to several attacks in which hackers exploited vulnerabilities. In one notable incident, $611 million was stolen from a cross-chain bridge service called PolyNetwork. Other cross-chain bridges, pNetwork and Thorchain, also suffered multi-million dollar losses in recent months.
Disclosure: At the time of writing, the author of this feature owned ETH.