News, 21 September 2022

Ethical hacker found a multimillion-dollar vulnerability in Arbitrum bridge


Such hackers are also called white hats. For the discovery, he was rewarded with 400 ETH. But as the hacker said, a vulnerability like this would have been worth the maximum reward of 1,500 ETH.

The white hat hacker, without malicious intent, discovered a "multimillion dollar vulnerability" in the bridge connecting Ethereum and Arbitrum Nitro and was rewarded with 400 ether (ETH) for his "find."

The dude on Twitter, nicknamed riptide, described the exploit as using an initialization function to set up his own bridge address that intercepts all incoming ETH deposits from those trying to transfer funds from Ethereum to Arbitrum Nitro.
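The class of bug described above, an initialization function that can still be called to repoint deposits, shown beside a guarded version. This is an added Solidity example, not Arbitrum's code or riptide's write-up; the contract names, the `IBridge` interface and `enqueueDeposit` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical bridge interface, for illustration only.
interface IBridge {
    function enqueueDeposit(address from) external payable;
}

// Before: initialize() has no guard, so the last caller decides
// where depositEth() forwards every deposit.
contract UnguardedInbox {
    IBridge public bridge;

    function initialize(IBridge _bridge) external {
        bridge = _bridge;
    }

    function depositEth() external payable {
        bridge.enqueueDeposit{value: msg.value}(msg.sender);
    }
}

// After: initialize() succeeds exactly once, only for the admin fixed
// at deployment, and deposits revert until it has run.
contract GuardedInbox {
    IBridge public bridge;
    address public immutable admin;
    bool private initialized;

    error NotAdmin();
    error AlreadyInitialized();
    error NotInitialized();
    error ZeroBridge();

    constructor(address _admin) { admin = _admin; }

    function initialize(IBridge _bridge) external {
        if (msg.sender != admin) revert NotAdmin();
        if (initialized) revert AlreadyInitialized();
        if (address(_bridge) == address(0)) revert ZeroBridge();
        initialized = true;
        bridge = _bridge;
    }

    function depositEth() external payable {
        if (!initialized) revert NotInitialized();
        bridge.enqueueDeposit{value: msg.value}(msg.sender);
    }
}
```

In upgradeable deployments the same one-time guard is commonly provided by an `initializer` modifier such as the one in OpenZeppelin's `Initializable`.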

WELL... that's a strong one, of course. He could assign himself every transaction on the bridge if he wanted to. Or, as the cool hacker himself put it:

"We could selectively target large ETH deposits to remain undetected for a longer time, intercept every deposit that passes through the bridge, or wait and just get ahead of the next large ETH deposit."

If we look at the statistics, the hack could have caused really laaaarge losses. After all, the largest deposit recorded in the mailbox was 168,000 ETH, worth over $225 million, and regular deposits ranged from 1,000 to 5,000 ETH within 24 hours. That's about $1.34 to $6.7 million.

It turns out that the earning potential has virtually no ceiling. Yet the Arbitrum team thanked riptide without commenting on the exploit in any way. The reward was 400 ETH, about $536,000. In return, riptide was grateful but noted that for such an exploit, he should be given the maximum reward, equal to $2 million.

So far, no one has responded to this "request."
