Whitehat Gerhard Wagner sent a vital vulnerability on October 5th, 2021 that impacted the Polygon Plasma Bridge. The vulnerability permitted an opponent to leave their burn deal from the bridge numerous times, up to 223 times. There was around ~$850M at threat. Having simply $100k to launch the attack with would lead to $22.3M in losses!
The whitehat got a payout of $2m from Polygon, which is the greatest bounty ever paid in history.
Polygon Double-Spend Bug Fix Postmortem — $2m Bounty