Connect with us
Active Currencies 16235
Market Cap $3,439,275,121,637.40
Bitcoin Share 55.36%
24h Market Cap Change $-4.45

Here’s how Arbitrum recently averted a catastrophic crisis

2min Read

Share this article

Arbitrum, one of Ethereum’s most popular layer 2 scaling solutions, averted a catastrophic crisis when a white hat hacker alerted the platform about a critical bug he had discovered on the Arbitrum Nitro upgrade.

The discovery

The hacker, who goes by the name Riptide (@0xriptide) on Twitter, discovered the “multi-million dollar” vulnerability on the Ethereum-Arbitrum Nitro bridge. The bug would’ve enabled any bad actor to hijack incoming ETH deposits from users attempting to bridge to Arbitrum.

Riptide scanned the Arbitrum Nitro code before its intended release, to look for flaws. Upon execution of the “initializer”, he realized that the contract was “completely vulnerable” and opened the door for hackers to exploit the thousands of ETH deposits that the platform accepted every day. 

Developers in the community are not particularly a fan of initializers and have criticized their use in codes.

Riptide often looks for bug bounties and focuses mainly on searching for vulnerabilities solely within smart contracts written in Solidity. 

The reward

Being a white hat hacker, Riptide chose to inform Arbitrum of his discovery rather than exploiting the bug for personal gain. Of course, there is a bug bounty in place by several platforms to incentivize hackers to report such events. 

In this case, Arbitrum rewarded the hacker with 400 ETH, which is a little more than half a million dollars. As per Riptide’s calculations, his efforts saved the platform more than $470 million, $225 million of which are associated with a single transaction. 

He believes that his discovery was eligible for the maximum tier bounty of $2 million. “if you post a $2mm bounty- be prepared to pay it when it’s justified. Otherwise just say the max bounty is 400 ETH and be done with it.” he added while stating that cutting short the reward for honest work doesn’t do much to keep a white hat from straying towards a malicious path.

Earlier this year in March, TreasureDAO, the Arbutrum-based NFT marketplace, was exploited to the tune of $1.4 million after hackers managed to steal more than 100 NFTs from the platform.

Increasing bridge hacks

Blockchain intelligence firm Chainalysis reported last month that vulnerabilities in cross-chain bridges like the one mentioned above have emerged as a top security risk.

More than $1.3 billion have been lost to bridge hacks this year. The most notable 2022 bridge hacks include Ronin, Nomad, and Wormhole. 

The Nomad protocol came under fire last month after it rolled out an NFT prize scheme in order to incentivize hackers to return their share of the $190 million that was lost in a hack on 2 August.

Share

Saman Waris works as a News Editor at AMBCrypto. She has always been fascinated by how the tides of finance and technology shape communities across demographics. Cryptocurrencies are of particular interest to Saman, with much of her writing centered around understanding how ideas like Momentum and Greater Fool theories apply to altcoins, specifically, memecoins. A graduate in history, Saman worked the sports beat before diving into crypto. Prior to joining AMBCrypto 2 years ago, Saman was a News Editor at Sportskeeda. This was preceded by her stint as Editor-in-Chief at EssentiallySports.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.