Is Polygon Centralised?
Polygon boasts of having over 37000 DApps, but it may be centralised, warns an expert. What is the truth?
Dear readers,
There is a process I follow to decide on my one pièce de résistance that will stand out in your inbox every morning. I spend hours reading news from the industry, then skim through several Twitter chats, followed by looking at the chatter in several WhatsApp and Telegram groups I am part of. Eventually, I choose a subject which is either not talked about at all, like the anti-crypto conference, or is gaining a notorious amount of attention, like who really owns WazirX.
Today’s topic, however, is neither.
Polygon is no doubt the flag bearer of the crypto ecosystem, especially as one that originated from India. Recently, they celebrated being home to 37000 DApps.
But is that enough? Justin Bons, founder & CIO of Cyber Capital, raised concerns about the chain being centralised. This is not the first time he or many others have raised concerns. He received clarifications from several prominent representatives at Polygon.
And hence today’s topic: Is Polygon Centralised?
Polygon’s Centralisation Concerns
Justin Bons is the Chief Information Officer and founder of the investment fund Cyber Capital. He regularly writes about security concerns of public chains, sometimes with remediation suggestions as well. On August 15, 2022, he tweeted, “Polygon is still highly insecure & centralized!” followed by a 25-tweet thread explaining how. This isn’t the first time Bons has raised these concerns, and many others have raised similar concerns in the past. Here’s a gist of Bons’ concerns:
The Polygon admin key is controlled by a 5 out of 8 multi-sig contract, and four of these access keys are controlled by the four co-founders. This means that one additional key holder can conspire with the founders and gain control of Polygon’s bridge currently holding assets worth ~$2 Billion.
If an attacker has control they may be able to censor transactions as well, Bons claims.
Lack of transparency. Bons says that Polygon has not disclosed how the multi-sig contract is set up & how the keys are managed and it is very well possible that one person may already be able to control the contract.
Bons further acknowledged that this is a common practice in the industry, but as Polygon is as huge as it is, it must be called out and the issue must be remediated. “Polygon could & should lead the way in that direction”, he wrote.
He raised concerns that while the founders may never actually scam, they “are also exposing themselves to danger as they become targets as human points of centralization!… Organized crime could target these individuals, potentially even through kidnapping & blackmail!”
Polygon governance is still far too centralized as they have a low number of validators.
Many others have pointed out concerns like the top 100 addresses hold almost 89% of the total MATIC circulating supply.
Bons’ Alternative
Bons says the way forward is to hand over the admin key to MATIC token holders, effectively turning control over to a "Polygon DAO". This would mean a complete migration to a new contract.
“A DAO should control the admin key, but if a multi-sig is necessary it can be done more securely”, says Bons.
Such a proposal means a massive expensive overhaul of the system. Bons acknowledges this, but says this is the price to pay for decentralization.
Key People at Polygon Address Centralization and Exit Scam Concerns
Over the course of the past couple of years, Polygon co-founders, governance leads and several others have addressed these concerns on Twitter. Even today they came forward to discuss.
Both Mudit Gupta, the CISO at Polygon, and Mateusz Rzeszowski, the governance facilitator and author of “State of Governance: Decentralization” at Polygon, responded today.
Gupta says it is a huge legal liability for Polygon founders to scam the network as they are doxxed - their identities are public.
He also says that in the event of a takeover, only the assets in the bridge can be compromised, and the transactions on the PoS chain cannot be censored as Bons claimed.
Both Gupta and Rzeszowski acknowledged the validity of concerns with the multi-sig contract. They said that they have looked, and continue to look, at potential solutions while also welcoming feedback and suggestions from the community. The goal is to eventually hand over control to MATIC token holders via governance.
The reason the keys are controlled by 8 individuals is that the contracts of Polygon first needed to be battle-tested and robust enough so that user funds are not affected in case of bugs that can now be fixed quicker. In December 2021, Polygon was able to quietly patch a bug that put 9B MATIC at risk.
Rzeszowski added that they are developing a tool that allows anyone to see the transactions done using the multi-sig.

Opinion: Is Polygon Centralised?
Simply put, the concerns about multi-sig are absolutely valid but that is the practice of the industry. I sort of agree with Gupta who colloquially said “Nobody builds a fortress and then makes the blueprints public”.
Almost all L2s like Optimism and Arbitrum follow a similar process.
Polygon has a total market cap of $7B; I simply do not see the advantage for founders in scamming the network. This is like their golden goose. Why kill it?
Yes, just because they are not incentivised to do so, doesn't mean that other bad actors won’t try to gain control of the contract. So, until they truly figure out how Polygon DAO will govern the keys, I suggest the four co-founders never be alone in non-crowded places to avoid any kidnapping and extortion risks.
Overall these debates are healthy for the ecosystem to thrive. There is always something new to learn. There will always be a threat actor that only a few people may be able to identify. Hence, these conversations help the entire ecosystem become more robust and decentralised.
What do you think of Polygon?
In Other News:
BitGo wants Galaxy Digital to pay $100 Million for the termination of the merger agreement.
19 Celebrities receive letters from Advertising Watchdog for promoting NFTs.
Andreessen Horowitz writes a cheque of $350 Million to WeWork's former CEO for his new startup.
Polygon is home to 37000 DApps - https://blog.polygon.technology/polygon-is-now-home-to-over-37000-dapps/
Top 100 Polygon Wallets - https://cryptorank.io/price/matic-network/holders
Is it possible to translate or write in simple Hindi language? Or you can summarise it in Hindi, if possible.
As you know, most of our community has a problem with English.