

Here’s how Arbitrum recently averted a catastrophic crisis




Arbitrum, one of Ethereum’s most popular layer 2 scaling solutions, averted a catastrophic crisis when a white hat hacker alerted the platform to a critical bug he had discovered in the Arbitrum Nitro upgrade.

The discovery

The hacker, who goes by the name Riptide (@0xriptide) on Twitter, discovered the “multi-million dollar” vulnerability on the Ethereum-Arbitrum Nitro bridge. The bug would’ve enabled any bad actor to hijack incoming ETH deposits from users attempting to bridge to Arbitrum.

Riptide scanned the Arbitrum Nitro code before its intended release to look for flaws. Upon execution of the “initializer”, he realized that the contract was “completely vulnerable”, which opened the door for hackers to exploit the thousands of ETH deposits that the platform accepted every day.

Developers in the community are not particularly fond of initializers and have criticized their use in code.

Riptide often hunts for bug bounties and focuses mainly on vulnerabilities in smart contracts written in Solidity.

The reward

Being a white hat hacker, Riptide chose to inform Arbitrum of his discovery rather than exploit the bug for personal gain. Of course, several platforms have bug bounties in place to incentivize hackers to report such bugs.

In this case, Arbitrum rewarded the hacker with 400 ETH, which is a little more than half a million dollars. As per Riptide’s calculations, his efforts saved the platform more than $470 million, $225 million of which is associated with a single transaction.

He believes that his discovery was eligible for the maximum tier bounty of $2 million. “if you post a $2mm bounty- be prepared to pay it when it’s justified. Otherwise just say the max bounty is 400 ETH and be done with it,” he added, stating that cutting short the reward for honest work doesn’t do much to keep a white hat from straying towards a malicious path.

Earlier this year in March, TreasureDAO, the Arbitrum-based NFT marketplace, was exploited to the tune of $1.4 million after hackers managed to steal more than 100 NFTs from the platform.

Increasing bridge hacks

Blockchain intelligence firm Chainalysis reported last month that vulnerabilities in cross-chain bridges like the one mentioned above have emerged as a top security risk.

More than $1.3 billion has been lost to bridge hacks this year. The most notable 2022 bridge hacks include Ronin, Nomad, and Wormhole.

The Nomad protocol came under fire last month after it rolled out an NFT prize scheme in order to incentivize hackers to return their share of the $190 million that was lost in a hack on 2 August.


Ser Suzuki Shillsalot has 8 years of experience working as a Senior Investigative journalist at The SpamBot Times. He completed a two-hour course in journalism from a popular YouTube video and was one of the few to give it a positive rating. Shillsalot's writings mainly focus on shilling his favourite cryptos and trolling anyone who disagrees with him. P.S - There is a slight possibility the profile pic is AI-generated. You see, this account is primarily used by our freelancer writers and they wish to remain anonymous. Wait, are they Satoshi? :/
