In the early morning hours of December 5th, the team behind Polygon (MATIC) carried out a hard fork of the cryptocurrency without notifying community members beforehand.
Users had to wait nearly a month for a response from the Polygon team. It only arrived on Wednesday (29) in an official post on the project blog.
The post explained for the first time the reasons that led Polygon to update its code on the sly: to fix a bug that jeopardized US$ 20 billion in MATIC.
Polygon’s genesis contract, which held more than 9 billion MATIC tokens as of December 3, contained a vulnerability that was identified by a white hat hacker (so-called “good hackers”) and reported by him on Immunefi, a platform that connects cryptocurrency projects with bug hunters.
After confirming that the bug was real, the Polygon team met with the hacker and Immunefi experts to create a fix.
“The validators and full nodes were notified and teamed up with the main developers to update 80% of the network in 24 hours without interruption,” explained the project.
The hard fork that introduced the patch to the main network took place at block #22156660 on December 5th, two days after the bug was identified.
The two hackers who found the bug and reported it to the Polygon team received $3.46 million in rewards.
Lack of transparency raises suspicions in the community
A hard fork is a complex update in which a blockchain is forked so that an improvement can be added to the code or a problem fixed. If a hard fork goes wrong, or if miners continue to use the old chain instead of the new one, a new cryptocurrency can be created by accident, as happened with Ethereum Classic.
It is not surprising, therefore, that the community was suspicious on seeing an update of this magnitude carried out in the dark.
“All of us should just shut up and forget about the fact that over a week ago Polygon bifurcated their blockchain in the middle of the night with no warning, to completely closed code and still haven’t verified the code or explained what is happening?” criticized Twitter user Nathan Worsley on the 15th.
He was answered by Mihailo Bjelic, co-founder of Polygon, who limited himself to saying that a vulnerability had been found and fixed.
At the time, he even claimed that the network was stable and that no money had been stolen, which later turned out not to be true.
In yesterday’s post, the Polygon team confirmed that a malicious hacker was able to take advantage of the vulnerability in the code to steal 801,601 MATIC, equivalent to $2 million at the cryptocurrency's current price of $2.55.
The foundation behind Polygon has pledged to cover the losses from the theft. On the lack of transparency, the project stated that it was following security recommendations.
“Our initial disclosure was minimal because we followed the ‘silent patches’ policy introduced and used by the Geth team. All in all, the development team has struck the best possible balance between openness and doing what’s best for the community, partners and the broader ecosystem in dealing with this extremely urgent and sensitive issue,” explained the project.
After the serious incident that put more than $20 billion in MATIC at risk, the project said it performed an extensive post-mortem and identified a number of existing processes that will be improved in the future.