Polygon Discloses Patched Exploit That Put 9B MATIC at Risk

“There is a natural tension between security and transparency,” Polygon’s team said in a Wednesday blog post.

Updated May 11, 2023, 6:38 p.m. Published Dec 29, 2021, 9:58 p.m.
(Ariel/Unsplash)

A hacker who helped Polygon avert a multibillion-dollar disaster in early December won a $2.2 million bug bounty, the blockchain network said Wednesday.

The so-called “white hat,” known as “Leon Spacewalker” on Twitter and GitHub, reported an exploit in a critical Polygon smart contract that held more than 9 billion MATIC tokens on Dec. 3, then worth around $20.2 billion. Core developers rushed a fix by Dec. 5.

It wasn’t fast enough to protect all the contract’s funds, according to Immunefi, the crypto security startup that managed Polygon’s bug bounty program. Separate hackers pilfered 801,601 MATIC tokens (then worth around $1.4 million) on Dec. 4. Polygon Foundation said it took the hit.

Still, the fix, a hard fork live across 90% of network validators by Block #22156660, according to Polygon’s timeline of events, protected a massive trove of funds for the Ethereum scaling tool. Polygon hadn’t publicly discussed the reasoning for the hard fork before Wednesday.

Consulting the record

CoinDesk reviewed the Polygon Discord server’s validator channel on Dec. 5. It contained messages from multiple validators expressing anger over the core developers’ silence in pushing through the shadows what is usually a major and well-publicized software upgrade.

Indeed, the abrupt hard fork had spillover effects for the network as validators unprepared for the shift were knocked offline, according to the Discord logs.

Polygon’s developers acknowledged on Wednesday their initial silence created a precarious position. “There is a natural tension between security and transparency,” the team said in its blog post. They said a “minimal” initial disclosure followed the Ethereum community’s “silent patch” standard.

“What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure,” co-founder Jaynti Kanani said in a blog post. “Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.”

Polygon’s bug bounty program awarded Leon Spacewalker $2.2 million in stablecoins; a different white hat who reported the same bug after the initial thefts won 500,000 MATIC.

Spacewalker didn’t respond to CoinDesk by press time.
