Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

'Critical' Polygon Bug Put $24 Billion in Tokens at Risk Until Recent Hard Fork (theblockcrypto.com) 16

Ethereum scaling project Polygon was at risk of losing nearly all of its MATIC tokens until it upgraded its network earlier this month. From a report The problem was a "critical" vulnerability in Polygon's proof-of-stake genesis contract, which could have allowed attackers to steal over 9.2 billion MATIC tokens (currently worth over $24 billion). The total supply of MATIC tokens is 10 billion. The vulnerability was reported on the bug bounty platform Immunefi by a whitehat hacker known as Leon Spacewalker. According to details shared Wednesday, the bug essentially could have allowed attackers to arbitrarily mint all of Polygon's more than 9.2 billion MATIC tokens from its MRC20 contract. After Spacewalker found the bug, Immunefi informed the Polygon team the same day. The team then confirmed the vulnerability and moved to update the Polygon network, initially with an update for its Mumbai testnet. According to Polygon, the testnet update was completed on December 4, and the team was preparing for the mainnet upgrade. Yet before the mainnet upgrade was undertaken, a malicious actor exploited the bug and stole 801,601 MATIC tokens (currently worth over $2 million). Polygon has said it will bear the cost of the theft.
This discussion has been archived. No new comments can be posted.

'Critical' Polygon Bug Put $24 Billion in Tokens at Risk Until Recent Hard Fork

Comments Filter:
  • by memory_register ( 6248354 ) on Thursday December 30, 2021 @02:18PM (#62128707)
    And you want me to trust crypto with the future of commerce? Maybe in a generation if the technology approaches maturity - and that is a big IF
  • by klipclop ( 6724090 ) on Thursday December 30, 2021 @02:20PM (#62128721)
    Reading these stories over and over again proves financial regulation is required. These companies are playing with valuations which are pretty big and users have no safety nets if the Mumbai dev team isn't able to patch their pyramid scheme defi token before more is stolen than they can reimburse. (I assume by just creating replacement tokens?)
    • by 140Mandak262Jamuna ( 970587 ) on Thursday December 30, 2021 @02:24PM (#62128733) Journal
      No tax payer funded fraud prevention for these tax dodgers. If you don't want our fiat currency, you don't get our law enforcement either. If you would not obey the subpoena or make it impossible to obey our subpoena, you dont get any protection from our judiciary built and paid for by our fiat currency.
      • So⦠people who invest in things other than cash in a bank account donâ(TM)t deserve the police⦠oh yeah, and crypto⦠just like any investment, is not a tax dodge. You are required to report any sales and will owe taxes on any gains you made since buying it. Same for for stocks, homes, or really anything that people might purchase and sell at a different price later.
        • by 140Mandak262Jamuna ( 970587 ) on Thursday December 30, 2021 @10:15PM (#62130095) Journal
          Banks report all transactions above 10K, identify the account holder, there is no anonymity in bank and brokerage accounts. And they comply with all government investigation subpoena and help government track tax dodgers and criminals.

          The biggest selling point of crypto is supposed to be to avoid taxes, to launder money and pay for criminal goods and services. They make fun of fiat currency. Their hyping up of privacy and anonymity is just a thin veiled invitation to the criminals and tax dodgers. You "invest" in crypto, you are on your own.

        • Banks and brokerages will independently identify the sales, proceeds and cost basis and report it independently to IRS. Crypto is supposed to be anonymous and they claim they can't identify the tax payers and tax due and the cost basis. So they don't deserve any services from the government in terms of fraud, contract enforcement or fraud prevention.
    • by klipclop ( 6724090 ) on Thursday December 30, 2021 @02:25PM (#62128741)
      I still laugh how all these articles place a very theoretical conversion rate for these tokens into USD. No way you can cash out at those rates without crashing the price. Slashdot is definitely not doing readers any favors adding in imaginary USD amounts on what are likely illiquid and worthless pink sheet junk.
    • by tlhIngan ( 30335 )

      Reading these stories over and over again proves financial regulation is required. These companies are playing with valuations which are pretty big and users have no safety nets if the Mumbai dev team isn't able to patch their pyramid scheme defi token before more is stolen than they can reimburse. (I assume by just creating replacement tokens?)

      No they don't. They want to play with fire, they can play with fire. The risks are well understood so if you're investing your life savings into it hoping to beat "t

  • ...monogons. Less tricky.

  • They really seem to be in a contest how has the worst, most insecure implementation and who robbed first.

Real Programmers think better when playing Adventure or Rogue.

Working...