Polygon (MATIC) double spend bug yields $2 million bounty for developer

Karthik Subramanian

Polygon, the Layer 2 solution on top of Ethereum, has recently paid out the highest ever bug bounty in history to a whitehat developer Gerhard Wagner for pointing out a double-spend bug in the network which could have resulted in huge losses if it had been exploited.


In a further sign of how even the best networks can continue to have vulnerabilities that lie undetected for weeks and months, it has been reported that Gerhard had noticed a critical vulnerability on October 5, 2021, on the Polygon Plasma Bridge. This could have put around $850 million at risk if it had been noticed and exploited by hackers but it is to the credit of Gerhard that he, along with Immunefi, chose to escalate it to the Polygon team. This is also a further validation on why companies need to have bug bounty programs as it encourages good developers and hackers to test out the security of the network and point out the vulnerabilities to the network providers for analysis and fixing and the developers themselves get rewarded by the network for the same, and in this case, the developer was rewarded handsomely.

Once the bug was informed to Polygon, it confirmed the bug within 30 minutes and it set about to fix the issue as soon as possible. As the funds at risk were huge, it was calculated that the bug bounty should be the maximum which is $2 million. The whitehat Gerhard received the bounty and the whole process, including the reporting, bounty payout, bug fix, and deployment into the main net was completed within a week. It is to the credit of all involved that things moved quickly before any damage was made.

Blockchain and crypto networks continue to be at risk from time to time due to such vulnerabilities but truth be told, with digitalization taking over the financial industry, this risk is likely to be there in all systems shortly. There cannot be a single, universal fix for this risk and the businesses and networks need to learn to live with it which is why it is important to have tight and closed-loop processes built with security companies as well, to ensure that such vulnerabilities are handled effectively in the long term thereby reducing the losses along the way.

Read this next

Digital Assets

Russian Duma’s working group to address gaps in crypto regulation

A working group formed by the Russian State Duma to tackle the issues of cryptocurrency regulations is set to hold its first meetings, said the head of the parliamentary Financial Market Committee, Anatoly Aksakov.

Digital Assets

Kevin O’Leary says XRP lawsuit is “a very bad idea”

“I have zero interest in investing in litigation against the SEC, that is a very bad idea”.

Industry News

SFC freezes 17 client accounts on suspected ‘pump-and-dump’ scam

Hong Kong’s financial watchdog, the Securities and Futures Commission (SFC), has issued notices to two local brokers, instructing them to freeze certain client accounts suspected of market manipulation.

Retail FX

FSCS starts to offer LCF investors compensation under government scheme

The Financial Services Compensation Scheme (FSCS) has gone live with the government’s redress scheme to reimburse eligible London Capital & Finance victims.

Industry News

Aquis Exchange appoints Glenn Collinson as new Chair

Aquis Exchange, a group of companies that provide services for exchanges, has announced the appointment of Glenn Collinson as its new Chair and he would succeed Niki Beattie effective from January 1, 2022.

Digital Assets

Bitpanda onboards Lydia’s 5.5 million users to white label solution

Lydia has deployed the white label solution, with transactions made by the more than 5 million Lydia customers in a wide range of assets, from crypto to fractional stocks, being executed via Bitpanda for as little as EUR 1.

Digital Assets

Archax deploys Scila AB’s AML and surveillance tech for crypto trading

Scila is very much in tune with digital assets and cryptocurrencies and has some of the largest cryptocurrency exchanges and traders in its client roster.

Institutional FX, Retail FX

ATFX goes all in on US equities: FX broker adds 113 US stock CFDs

With the addition of 113 US stock CFDs, ATFX boasts more than  300 tradable instruments, 273 of which are stock CFD products.

Industry News

Citadel CEO outbids 17,000 crypto investors after winning Short Squeeze Lawsuit

Citadel Securities has been a key source of trading platforms’ revenue, which fed conspiracy theories that the US market maker leaned on their executives to end the short squeeze by restricting users from buying meme stocks.