Polygon (MATIC) double spend bug yields $2 million bounty for developer

Karthik Subramanian

Polygon, the Layer 2 solution built on top of Ethereum, has recently paid out the highest bug bounty ever recorded to whitehat developer Gerhard Wagner for reporting a double-spend bug in the network, one that could have resulted in huge losses had it been exploited.


In a further sign of how even the best networks can harbour vulnerabilities that lie undetected for weeks or months, it has been reported that Gerhard noticed a critical vulnerability in the Polygon Plasma Bridge on October 5, 2021. Around $850 million could have been put at risk had the flaw been found and exploited by attackers first, and it is to Gerhard's credit that he, together with Immunefi, chose to escalate it to the Polygon team. The case is also further validation of why companies need bug bounty programs: they encourage good developers and hackers to test the security of a network and report the vulnerabilities they find to the network provider for analysis and fixing, and the reporters are rewarded in return. In this instance the developer was rewarded handsomely.

Once the bug was reported to Polygon, the team confirmed it within 30 minutes and set about fixing the issue as quickly as possible. Because the funds at risk were so large, the bounty was set at the program's maximum of $2 million. Gerhard received the bounty, and the whole process, from reporting through bounty payout, bug fix and deployment to mainnet, was completed within a week. It is to the credit of everyone involved that things moved quickly before any damage was done.

Blockchain and crypto networks will continue to face such vulnerabilities from time to time, and as digitalization takes over the financial industry, this risk is likely to be present in all systems before long. There is no single, universal fix, and businesses and networks need to learn to live with it. That is why it is important to have tight, closed-loop processes, built together with security companies, to ensure that such vulnerabilities are handled effectively over the long term and losses are reduced along the way.
