Gerhard Wagner, a white hat hacker, has earned $2 million after he reported a bug on the network of the cryptocurrency Polygon. According to a blog post published on the 21st of October by Immunefi, a security service that facilitates bug reports for DeFi projects, the blockchain's Plasma Bridge was at major risk of having $850 million removed by any knowledgeable hacker.
According to the project, the vulnerability would allow a hacker to exit the same burn transaction from the bridge around 223 times, which would turn $4,500 into a profit of $1 million.
White Hat Hacker Earns $2M For Reporting Polygon Bug
Immunefi reported that the double-spend exploit worked by first depositing Ethereum through the Plasma Bridge and then starting the withdrawal process once the transaction was confirmed. After this, the hacker could wait an entire week and then resubmit the same withdrawal, with only the first byte of the branch mask modified. Starting from $3.8 million, a hacker would be able to wipe around $850 million from Polygon's deposit manager.
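The double spend described above is possible when replay protection is keyed on bytes that the proof verifier does not actually check. The simplified model below is an added example, not Polygon's or Immunefi's code; the `Bridge` class, the SHA-256 exit ID and the rule that the verifier ignores the first mask byte are assumptions made for illustration.

```python
import hashlib

def decoded_path(mask: bytes) -> bytes:
    # Assumed verifier behaviour: the first byte of the mask is ignored.
    return mask[1:]

def raw_exit_id(tx: bytes, mask: bytes) -> str:
    # Weak: keyed on the mask exactly as submitted.
    return hashlib.sha256(tx + b"|" + mask).hexdigest()

def canonical_exit_id(tx: bytes, mask: bytes) -> str:
    # Hardened: keyed only on the bytes the verifier really uses.
    return hashlib.sha256(tx + b"|" + decoded_path(mask)).hexdigest()

class Bridge:
    """Toy withdrawal ledger (hypothetical, for illustration only)."""

    def __init__(self, exit_id, require_canonical=False):
        self.exit_id = exit_id
        self.require_canonical = require_canonical
        self.seen = set()
        self.paid = 0

    def exit(self, tx: bytes, mask: bytes, amount: int) -> bool:
        # Second mitigation: reject any mask that is not in canonical form.
        if self.require_canonical and mask[0] != 0:
            return False
        key = self.exit_id(tx, mask)
        if key in self.seen:
            return False  # this burn was already withdrawn
        self.seen.add(key)
        self.paid += amount
        return True

def total_paid(bridge: Bridge, tx: bytes, mask: bytes, amount: int, first_bytes) -> int:
    # Submit one burn several times, varying only the first mask byte.
    for b in first_bytes:
        bridge.exit(tx, bytes([b]) + mask[1:], amount)
    return bridge.paid

# Constructed sample values, not taken from any real transaction.
TX, MASK, AMOUNT = b"burn-tx-0001", bytes([0x00, 0x08, 0x01]), 100
VARIANTS = [0x00, 0x02, 0x04]

if __name__ == "__main__":
    print("raw id:      ", total_paid(Bridge(raw_exit_id), TX, MASK, AMOUNT, VARIANTS))
    print("canonical id:", total_paid(Bridge(canonical_exit_id), TX, MASK, AMOUNT, VARIANTS))
    print("strict mask: ", total_paid(Bridge(raw_exit_id, True), TX, MASK, AMOUNT, VARIANTS))
```

Either mitigation alone limits the payout to a single withdrawal: derive the exit ID from the decoded path, or refuse any encoding other than the canonical one.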
This led to Polygon agreeing to pay the maximum amount ever paid for a bug bounty report, a sum of $2 million, following Wagner's initial report on the 5th of October. According to the blockchain platform, the fix for the bug has already gone live on the mainnet after testing, and the white hat hacker has already been paid.
Wagner went on to speculate that the Polygon bug could simply be a case of someone using someone else's code without having a complete understanding of what it actually does.