Polygon (MATIC) double spend bug yields $2 million bounty for developer

Karthik Subramanian

Polygon, the Layer 2 solution on top of Ethereum, has recently paid out the highest bug bounty in history to whitehat developer Gerhard Wagner for reporting a double-spend bug in the network that could have resulted in huge losses had it been exploited.


In a further sign of how even the best networks can have vulnerabilities that lie undetected for weeks and months, it has been reported that Gerhard noticed a critical vulnerability in the Polygon Plasma Bridge on October 5, 2021. This could have put around $850 million at risk had it been noticed and exploited by hackers, but it is to Gerhard's credit that he, along with Immunefi, chose to escalate it to the Polygon team. This is also further validation of why companies need bug bounty programs: they encourage good developers and hackers to test the security of the network and report vulnerabilities to the network providers for analysis and fixing, and the developers are rewarded by the network for doing so. In this case, the developer was rewarded handsomely.

Once the bug was reported to Polygon, the team confirmed it within 30 minutes and set about fixing the issue as soon as possible. As the funds at risk were huge, it was calculated that the bug bounty should be the maximum, which is $2 million. The whitehat Gerhard received the bounty, and the whole process, including the reporting, bounty payout, bug fix, and deployment to the mainnet, was completed within a week. It is to the credit of all involved that things moved quickly before any damage was done.

Blockchain and crypto networks continue to be at risk from time to time due to such vulnerabilities but, truth be told, with digitalization taking over the financial industry, this risk is likely to be present in all systems shortly. There cannot be a single, universal fix for this risk, and businesses and networks need to learn to live with it, which is why it is important to have tight, closed-loop processes built with security companies as well, to ensure that such vulnerabilities are handled effectively in the long term, thereby reducing losses along the way.
