White-hat hacker Gerhard Wagner has earned a $2 million bounty for a potentially costly “double-spend” bug on the Polygon network.
The Polygon network’s Plasma Bridge was vulnerable to being hacked by a skilled hacker, according to a blog post published October 21 by Immunefi, a security provider that facilitates bug reports in decentralized finance projects.
An attacker could simply exit their burn transaction from the bridge up to 223 times, quickly converting $4,500 into a $1 million profit, according to the project.
The double-spend exploit was reported through Immunefi. It used the Plasma Bridge to deposit Ether (ETH) first, and then to withdraw it after the transaction was confirmed.
As soon as the hacker was able to make the first withdrawal, they could resubmit it, but with “a modified first byte of the dep. mask.” Assuming they had started with $3.8 million, they could have depleted all $850 of the bridge’s deposits.
After Wagner’s initial report on October 5, Polygon agreed to pay the full amount of $2 million for the bug bounty report. Wagner received the funds, reported to be “the very best bounty ever in history,” and no user funds were lost as a result of the exploit, according to the platform.
According to Immunefi’s Medium page, Wagner speculated the bug may be related to the fact that “we used someone else’s code without utterly figuring out what it does.” He added that while the solution was not elegant, it did fix the double-spend exploit.
In September, Alexander Schlindwein, who discovered a vulnerability in Belt Finance’s protocol and received $1.05 million, earned a major bounty for a white hat hacker.
U.S. officials said they may pay hackers rewards of up to $10 million if they pass along information on terrorist suspects, extremists or state-sponsored hackers.