Another White Hat Hacker Saves the Day After Revealing Arbitrum Vulnerability

An exploitable fault in the bridge connecting Ethereum and Arbitrum Nitro was reported by an anonymous developer, averting another major hack in the crypto ecosystem.

The white hat hacker, riptide, claimed a bounty of 400 ETH for reporting a critical bug in the Ethereum scaling solution Arbitrum that could have allowed any attacker to steal all incoming deposits passing through the Layer 1 to Layer 2 bridge.

No big deal just bridging a cool $470mm through the same Inbox contract

Definitely should be eligible for a max bounty

https://t.co/w7S58QNQZu

— riptide (@0xriptide) September 20, 2022

Instead of exploiting the breach, the ethical hacker noted, “My current interest is within the cross-chain arena due to the complexity involved for the developers of these projects and the significant amount of funds at risk due to the current ‘honeypot’ structure of most bridge implementations.”

Ethical white hat hacker averts another multi-million dollar exploit

Riptide noted in a blog post that he knew Arbitrum Nitro was launching and decided to keep an eye on the upgrade to check whether it went smoothly. After finding the vulnerability, the ethical hacker noted that an attacker would have had enough time to selectively target large ETH deposits and remain undetected for an extended period, to siphon off every deposit that passed through the bridge, or simply to wait and front-run the next massive ETH deposit.

The Arbitrum chain’s Delayed Inbox, the contract used for depositing ETH or tokens via the bridge, is set up through an initializer function rather than a constructor. The white hat hacker noted that “we can hijack all incoming ETH deposits from users attempting to bridge to Arbitrum via the depositEth() function.”
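A minimal illustration of the bad-initializer bug class discussed in this article, with the vulnerable pattern beside a hardened form. This is added example code, not Arbitrum’s Inbox contract; the contract names, the bridge variable and the initialized flag are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical illustration, not Arbitrum's code. Proxy-based contracts cannot
// rely on constructors, so their state is set in an initialize() function. If
// that function is unguarded, or is never called after an upgrade, whoever
// calls it first chooses the address that receives every deposit.

contract InboxVulnerable {
    address public bridge;

    // BUG: no guard, so anyone can (re)point the bridge at an address they control.
    function initialize(address _bridge) external {
        bridge = _bridge;
    }

    function depositEth() external payable {
        (bool ok, ) = bridge.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}

contract InboxHardened {
    address public bridge;
    bool private initialized;

    // Mark the bare implementation as initialized so it cannot be captured;
    // the proxy's own storage starts fresh and is initialized by the deployer.
    // Deploy the proxy and call initialize() in the same transaction so there
    // is no window in which a third party can call it first.
    constructor() {
        initialized = true;
    }

    function initialize(address _bridge) external {
        require(!initialized, "already initialized");
        require(_bridge != address(0), "zero bridge");
        initialized = true;
        bridge = _bridge;
    }

    // Deposits revert instead of flowing to an unset or hijacked bridge.
    // After any upgrade, verify on-chain that bridge() still returns the
    // expected address before routing user funds through the contract.
    function depositEth() external payable {
        require(initialized && bridge != address(0), "inbox not initialized");
        (bool ok, ) = bridge.call{value: msg.value}("");
        require(ok, "transfer failed");
    }
}
```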

Bridge vulnerabilities are the most exploited

Earlier, in August, the crypto bridge Nomad was exploited for nearly $200 million, as bridge attacks become an increasingly common tactic for criminals. Numerous attacks have occurred this year alone, including the $600 million attack on the relaunched Ronin bridge of Axie Infinity.

Hackers reportedly stole nearly $2 billion from the DeFi industry during the first six months of this year, according to Chainalysis. Meanwhile, North Korean criminal groups are estimated to have taken $1 billion in cryptocurrency from DeFi protocols in 2022 alone.

The incident has also started a debate around the size of the bounties paid to developers and white hat hackers for exposing weaknesses. An Optimism developer who uses the Twitter handle ‘smartcontracts.eth’ argued that, given the potential impact of the fault, the maximum reward should have been paid, adding, “Arbitrum bridge bug is critical bridge bug #3 caused by bad initializers, in case we needed another reason to get rid of initializers. Surprised Arbitrum only paid 400 ETH and not [the] max bounty given.”

On the importance of careful migration. I’m surprised Arbitrum didn’t pay out the maximum bounty here given that people like Binance are doing 350k ETH deposits to rebalance accounts… https://t.co/N9KUsJ9VEG https://t.co/Lx32UVkbjd

— smartcontracts.eth (_) (@kelvinfichter) September 20, 2022

The blog post highlighted that the largest single deposit recorded on the inbox contract was 168,000 ETH (close to $250 million), with total deposits over 24 hours ranging from ~1,000 to ~5,000 ETH, illustrating the scale of a potential rug pull or hack.

The post Another White Hat Hacker Saves the Day After Revealing Arbitrum Vulnerability appeared first on BeInCrypto.
