
White hat finds huge vulnerability in Ethereum–Arbitrum bridge: Wen max bounty?


A self-described white hat hacker has uncovered a “multi-million dollar vulnerability” in the bridge linking Ethereum and Arbitrum Nitro and received a 400 Ether (ETH) bounty for their find.

Known as riptide on Twitter, the hacker described the exploit as the use of an initializing function to set their own bridge address, which would hijack all incoming ETH deposits from those trying to bridge funds from Ethereum to Arbitrum Nitro.

Riptide explained the exploit in a Medium post on Tuesday:

“We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.”

The hack could potentially have netted tens or even hundreds of millions of dollars' worth of ETH, as the largest deposit riptide recorded in the inbox was 168,000 ETH, worth over $225 million, and typical deposits ranged from 1000 to 5000 ETH in a 24-hour period, worth between $1.34 million and $6.7 million.
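The class of flaw described above, an initializing function that lets a caller set the bridge address deposits are forwarded to, shown beside a guarded form. This is an added example, not Arbitrum's code and not taken from riptide's post; the contract, interface and function names are hypothetical and the deposit path is reduced to a single forwarding call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model for illustration only. All names are hypothetical.
interface IBridgeSink {
    function acceptDeposit(address from) external payable;
}

// Weak form: nothing stops a second initialize() call, so whoever calls it
// last decides where depositEth() forwards user funds.
contract ReinitializableInbox {
    IBridgeSink public bridge;

    function initialize(IBridgeSink _bridge) external {
        bridge = _bridge;
    }

    function depositEth() external payable {
        bridge.acceptDeposit{value: msg.value}(msg.sender);
    }
}

// Guarded form: initialize() is limited to a designated admin, runs once,
// rejects an address with no code, and emits an event monitoring can alert on.
contract GuardedInbox {
    IBridgeSink public bridge;
    address public immutable admin;
    bool private initialized;

    event BridgeSet(address indexed bridge);

    constructor(address _admin) {
        require(_admin != address(0), "admin required");
        admin = _admin;
    }

    function initialize(IBridgeSink _bridge) external {
        require(msg.sender == admin, "not admin");
        require(!initialized, "already initialized");
        require(address(_bridge).code.length > 0, "bridge must be a contract");
        initialized = true;
        bridge = _bridge;
        emit BridgeSet(address(_bridge));
    }

    function depositEth() external payable {
        require(initialized, "not initialized");
        bridge.acceptDeposit{value: msg.value}(msg.sender);
    }
}
```

In review, the point to check is that the once-only flag cannot be cleared or bypassed by a later upgrade or storage change, and that any `BridgeSet` event after deployment is treated as an alert.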

Despite the earning potential from the ill-gotten gains, riptide was thankful that the “extremely based Arbitrum team” provided a 400 ETH bounty, worth over $536,500. However, they added later on Twitter that such a find “should be eligible for a max bounty,” which is worth $2 million.

Neither Arbitrum nor its creator company OffChain Labs has publicly commented on the exploit; Cointelegraph contacted OffChain Labs for comment but did not immediately hear back.


Arbitrum is a layer-2 Optimistic Rollup solution for Ethereum, clustering batches of transactions before submitting them to the Ethereum network in an effort to minimize network congestion and save on fees. Arbitrum Nitro, an upgrade aimed at simplifying communication between Arbitrum and Ethereum and at increasing transaction throughput at lower fees, launched on Aug. 31.

Similar bridge hacks have been successful for exploiters this year, notably the $100 million stolen from the Horizon Bridge in June and the recent Nomad token bridge incident in August, which saw $190 million drained by the original and “copycat” hackers repeating the exploit.




