Cointime

Download App
iOS & Android

Lost in Translation: Polygon Bridge’s Unclaimed Millions

Validated Media

At ZenGo – the non-custodial MPC wallet with no private key – we are preparing to add support for  Polygon’s POS chain (AKA Polygon or MATIC). This will allow ZenGo users to enjoy Web3 DeFi and NFTs with lower gas fees, and offer all Polygon users a wallet with 10x more security than traditional wallets currently supporting Polygon. One of the key elements of Polygon’s success is its bridging technology, allowing users to virtually move assets (such as NFTs and tokens) from the Ethereum blockchain to the Polygon blockchain and vice versa.

Coming Soon! TM 😉

As part of our ongoing research on blockchains and their security features, we investigated the inner workings of Polygon’s bridge. There, we discovered millions of USD of forgotten bridged tokens that have not been claimed by their owners. As a result of this research we were able to help a whale user reclaim $2M of funds, together with the Polygon team.

In this blog we dive into the inner workings of the Polygon bridge, successfully verify its financial soundness by leveraging some newly-developed Dune Analytics capabilities, discuss the phenomena of forgotten funds, and show how they can be claimed by their rightful owners.

How the Polygon Bridge Works

To bridge assets between Ethereum and Polygon, users must rely on a dapp, like the official Polygon bridge.

The Polygon Bridge Dapp (https://wallet.polygon.technology/bridge)

But what happens behind the scenes of this dapp, how does it work?

When users want to transfer an asset from Ethereum to Polygon (AKA “deposit”), say 100 USDT, they send it to a contract deployed by Polygon on the Ethereum blockchain and this contract emits an event. Polygon validator nodes are monitoring for such events and when they find them, they mint the appropriate amount/asset (100 USDT) on the Polygon blockchain and send it to the user’s address. The user’s Polygon address remains the same address as on Ethereum.

Therefore as users, in order to bridge an Ethereum based token to Polygon, we send just a single transaction on Ethereum and after a while the tokens will appear in our wallet on the Polygon side.

Once that token is on the Polygon side, users can engage in whatever form of DeFi they choose and enjoy Polygon’s lower fees and faster completion times. The value of the bridged USDT on the Polygon side remains the same as it was on the Ethereum side, as it’s 1:1 backed by original Ethereum USDT, held by the Polygon’s Ethereum contract.

Let’s assume that after a while, our users profit and now want to bridge their newly earned 200 USDT back to Ethereum (AKA “withdraw”). The process is similar in nature, but a bit different in details.

First, the user has to “burn” (send to the 0 address) their USDT Polygon tokens. As before, Polygon validators are monitoring for such burn events on the Polygon network, accumulate, and aggregate a few of such burns over a period of time and update the Polygon Ethereum side with this aggregated information.

But unlike Polygon deposits, when a user withdraws their assets back to the Ethereum side, they need to send an additional Ethereum transaction to claim their USDT from the Polygon Ethereum contract. The claim transaction contains a cryptographic proof that the withdrawer actually burned their tokens on the Polygon side. Once the contract gets the proof, it validates it and sends the tokens to the withdrawer address on Ethereum. 

Summing up, the deposit side (Ethereum → Polygon) is a one click process that takes a few minutes. However, the withdrawal side (Polygon → Ethereum) is a two step process, and may take a few hours between the first step and the availability of the final step.

Verifying the Financial Soundness of Polygon Bridge

The financial soundness of the bridge stems from the fact that for each asset minted on the Polygon side of the bridge, Polygon’s contract on the Ethereum side holds the appropriate amount – given recent news with custodial exchanges and phantom assets, you might consider this inquiry as an attempt to confirm a blockchain’s “Proof of reserves”

Luckily, unlike with centralized exchanges, in DeFi all information is available on the blockchain and we can easily and directly verify it without trusting an obscure proof of reserve document.

Using Etherscan we can see that the Polygon contract holds (as of November 13th, 2022) more than a $7 billion worth of ERC20 tokens alone (without taking into account ETH and NFTs).

When we compared the numbers across the bridge, we were happy to find out that the Ethereum side always had more tokens than the Polygon side, meaning that all of the tokens that were bridged to Polygon are indeed properly backed by Ethereum tokens.

However, we noticed a big surplus of about 1% extra token on the Ethereum side, which required an explanation.

For example: On November 13th, USDT on the Polygon side had 675M units (see below) while the Ethereum side had 683M units (see above).

Polygon bridge ERC20 holdings greater than $7B, on November 13th, 2022 (Source: Etherscan)

We verified that the same phenomena of 1% differences repeat on other major assets such as USDC, ETH, DAI.

Difference in main asset balances across the bridge (as of November 25, 2022)

While 1% may not sound like much, when dealing with $7B sums it can be material.

Forgotten Funds Analysis

To spot the missing funds, we tried to match burned transactions on the Polygon side with their counterpart claim transactions on the Ethereum side. To do so, we took advantage of a new query engine recently developed by Dune Analytics that allows cross-chain queries.

Unclaimed USDT Dune Analytics query (see https://dune.com/queries/1536897)

Using this query, we were able to verify that indeed there were more withdraw calls on the Polygon side than the expected counterpart claim calls on the Ethereum side. As the screenshot above shows, there were about 3000 withdraw calls that are unmatched to a claim just for USDT.

We have since developed and are happy to share a generic Dune Analytics query that supports any bridged ERC20 pair. 

Our generic Dune Analytics query that supports any Polygon bridged ERC20 pair

Holidays came early: Saving $2M for user 007

Looking deeper into individual cases we found many interesting examples. For example, this mysterious user (appropriately abbreviated to 0x007) made two withdraws of both Wrapped ETH and Wrapped BTC on Polygon, each of them worth more than $1M over half a year ago but still have not claimed it on the Ethereum side.

Burning on Polygon (sending to the “0” address) but never claiming on the Ethereum side

We can see that this user was still active on Ethereum a month later, so we can rule out key loss as the reason for not claiming the funds.

To make sure that indeed these funds can be claimed by the user, we simulated the claiming transaction on a simulation platform that can ignore we are not user 0x007, providing it with the appropriate burn proof and were able to claim the $1M lost ETH, meaning the original user can do it too.

Although it’s hard to imagine how someone can just “forget” about millions of USD, we assume that it might be related to the fact that additional transactions are required and that the funds are not claimable immediately, therefore creating room for such mistakes.

When we reported our findings to the Polygon team on November 23rd, 2022, they sent the relevant claiming transactions to the user, releasing $2M from the Polygon bridge to that user’s account. It’s worth noting that any altruistic user willing to pay the gas price, not just Polygon, could claim the unclaimed funds and move them to the original withdrawing account.

007’s account reunited with their $2M unclaimed funds on November 23rd (Source: Debank )

We could only imagine that it was a very nice surprise for 007, waking up and finding an extra $2M in their Ethereum account!

Summing up

The Polygon blockchain and its bridging capabilities can be very useful to users. Bridging from Ethereum is quite straightforward, however bridging back might be more cumbersome to users, currently resulting in potential losses currently valued in millions of USD.

Luckily, nothing is permanently lost! If you have such unclaimed bridge funds, feel free to reach out to us and we will try to help you get your money back!

In the meantime…

  • Follow ZenGo on Twitter for latest updates: @ZenGo
  • Learn more about ZenGo X, our open-source MPC library, and github here.
Comments

All Comments

Recommended for you

  • AI data collection startup Sapien raises $10.5 million in seed funding

    AI data collection startup Sapien has completed a $10.5 million seed round of funding, led by Variant, with participation from Primitive Ventures, Animoca, Yield Game Guild, and HF0. Sapien's team is led by former co-founder of Coinbase Layer2 network Base, Rowan Stone, and founder of Polymath and author of RWA standard ERC1400, Trevor Koverko. Sapien rewards data providers using USDC stablecoins or a reward points system.

  • Privacy-Focused Blockchain Project Nillion Raises $25M in Funding Round Led by Hack VC

    Privacy-focused blockchain project Nillion has secured $25 million in a funding round led by Hack VC, with participation from Arbitrum, Worldcoin, and Sei. Nillion aims to attract projects at the intersection of blockchain and AI, where secure sharing and storage of large amounts of data are crucial. The company's service is built around the concept of "blind computing," which enables the processing of data without revealing its contents. Nillion's partners include blockchain networks NEAR, Aptos, Arbitrum, and Ritual, among others.

  • BTC falls below $72,000

    the market shows BTC has fallen below $72,000, currently trading at $71,959.7 with a 24-hour increase of 0.69%. The market is volatile, please be prepared for risk control.

  • Spot gold reaches $2,780 for the first time

    spot gold rose and touched $2,780 per ounce, reaching a new historical high, with a cumulative increase of nearly $150 in October. 

  • GRASS briefly broke through $1.1

     GRASS has broken through 1.1 US dollars in a short period of time and is currently trading at 1.0512 US dollars, with a 24-hour increase of over 60%. The market is volatile, so please be prepared for risk control.

  • Bitcoin re-staking protocol PumpBTC completes 10 million seed round financing

    PumpBTC, a Bitcoin liquidity collateral platform, announced the completion of a $10 million seed round of financing, led by SevenX Ventures and Mirana Ventures, with participation from UTXO, Mantle Ecosystem Fund, and other institutions, and attracted many industry partners such as Quantstamp and Veda.

  • BTC breaks through $71,000

    the market shows BTC has broken through $71,000, currently trading at $71,002.01 with a 24-hour increase of 3.62%. The market is highly volatile, please exercise caution in risk control.

  • SlowMist: The theft of 1.67 million EIGEN tokens originated from an external malicious attack

    SlowMist announced in a post that it was commissioned to investigate independently the recent theft of 1.67 million EIGEN tokens. After a thorough investigation, SlowMist concluded that the incident was caused by an external malicious attack: an investor of Eigen Labs became a victim of a phishing attack, which led to the intrusion of an employee's email account. This allowed the attacker to access the email thread between the investor, Eigen Labs, and the custodian, where they discussed transferring EIGEN tokens to the custodian, who would hold the tokens on behalf of the investor.

  • BTC breaks through $71,500

    the market shows that BTC has broken through $71,500 and is now reported at $71,526.32, with a 24-hour increase of 5.61%. The market is volatile, please be prepared for risk control.

  • In April, Polygon’s on-chain NFT sales exceeded US$50 million, setting the second highest record of the year

    According to Cryptoslam data, the NFT sales on Polygon chain in April exceeded 50 million US dollars, reaching 51,539,690.69 US dollars, setting the second highest monthly sales record in 2024, second only to January's sales of 112 million US dollars this year. In addition, the NFT trading volume on Polygon chain in April increased significantly to 1.5 million transactions, with nearly 90,000 independent sellers and over 33,000 independent buyers.