According to the latest reports, Gerhard Wagner, a white hat hacker, has received a $2 million bounty from the executives of the Polygon network. He was paid the $2 million for pointing out a bug that could have cost the Polygon network a huge fortune.
Following Wagner’s claim about the bug, the Polygon network programmers tested it to find out whether his claims had weight. The white hat hacker reportedly dubbed it the “double-spend” bug.
On October 21, Immunefi published a report in a blog post. Immunefi is a security service that reportedly provides data and information about bugs. The firm helps companies and users within the decentralized finance (DeFi) sector stay aware of them.
In its October 21 report, Immunefi said that the Plasma Bridge within the Polygon network had been on the verge of falling victim to a huge bug.
The firm reported that the bug was a huge financial risk for the entire Plasma Bridge protocol. If a skilled hacker had gained knowledge of the bug, the protocol could have lost a significant amount of funds. According to Immunefi, the protocol could have ended up losing funds worth over $850 million.
The firm revealed that the vulnerability would have let a hacker carry out the burn transaction 223 times over and make off with a huge amount of funds. Of those 223 attempts, each could have generated between $1,000 and $4,500 for the hacker.
In the report posted by Immunefi, the white hat hacker revealed that the initial step of the hack was to deposit Ether (ETH) through the Plasma Bridge. Once the deposit was confirmed as successful, the next step was to carry out the withdrawal.
Later on, the person performing the exploit could have resubmitted the same request over and over by modifying the first byte of the branch mask. The white hat hacker revealed that with a deposit worth $3.8 million, the attacker could have depleted the entire deposit on the bridge.
As a result, the Plasma Bridge could have lost the entire $850 million that was deposited on the platform. Wagner had initially posted his findings on October 5, 2021. The programmers at Polygon then checked the bug themselves and confirmed that it was indeed present in the protocol.
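The resubmission described above works when replay protection is keyed on the raw branch mask bytes while the proof verifier decodes many different first bytes to the same path. The sketch below is an added example, not code from Polygon or Immunefi: the decoding rule, `ExitLedger`, `decode_path` and `count_accepted` are assumptions that form a simplified model, and the mask tail is a constructed sample value.

```python
# Simplified model of the branch-mask replay issue (added example).
# Assumption: a lenient decoder treats a first byte whose high nibble is
# 1 or 3 as "odd-length path" (low nibble is data) and silently skips
# any other first byte. Names here are hypothetical.

def decode_path(mask: bytes) -> tuple:
    """Return the nibble path the proof verifier would actually walk."""
    if not mask:
        return ()
    nibbles = []
    first = mask[0]
    if first >> 4 in (1, 3):
        nibbles.append(first & 0x0F)
    for b in mask[1:]:
        nibbles += [b >> 4, b & 0x0F]
    return tuple(nibbles)


class ExitLedger:
    """Tracks processed exits so the same burn cannot be exited twice."""

    def __init__(self, canonical: bool):
        self.canonical = canonical
        self.seen = set()

    def process_exit(self, mask: bytes) -> bool:
        # Weak form: uniqueness is keyed on the bytes as submitted.
        # Hardened form: uniqueness is keyed on the decoded path.
        key = decode_path(mask) if self.canonical else bytes(mask)
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


def count_accepted(canonical: bool, tail: bytes = b"\x08") -> int:
    """Submit every first byte that the decoder skips, with the same tail
    (constructed sample), and count how many exits the ledger accepts."""
    ledger = ExitLedger(canonical)
    return sum(
        ledger.process_exit(bytes([first]) + tail)
        for first in range(256)
        if first >> 4 not in (1, 3)
    )


if __name__ == "__main__":
    print("raw-byte key accepts:", count_accepted(False))      # 1 original + 223 replays
    print("decoded-path key accepts:", count_accepted(True))   # only the first exit
```

In this model the raw-byte ledger accepts 224 submissions for one burn, which is the original exit plus the 223 repeats the report mentions, while the ledger keyed on the decoded path accepts one.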