
THE ETHICAL EXPLOITER THANKED ARBITRIUM FOR THE 400 ETH PAYDAY

A self-described white hat hacker discovered a "multi-million dollar vulnerability" in the bridge connecting Ethereum and Arbitrum Nitro and received a reward of 400 Ether (ETH) for his discovery.


The hacker, known as riptide on Twitter, described the exploit as using an initialization function to set up their own bridge address that would hijack all incoming ETH deposits from those trying to bridge funds from Ethereum to Arbitrum Nitro.
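A simplified illustration of the flaw class described above, added here and not taken from Arbitrum's contracts or riptide's write-up: an initializer that anyone can call while the bridge address is unset, next to a guarded version. The contract and function names are hypothetical, and the condition that leaves the address unset is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Simplified model for illustration; all names are hypothetical.

// BEFORE: no caller restriction. Whoever calls initialize() while `bridge`
// is unset (assumed: before setup, or after that state is cleared) chooses
// where every later deposit is forwarded.
contract UnguardedInbox {
    address public bridge;

    function initialize(address _bridge) external {
        require(bridge == address(0), "already initialized");
        bridge = _bridge;
    }

    function depositEth() external payable {
        (bool ok, ) = bridge.call{value: msg.value}("");
        require(ok, "forward failed");
    }
}

// AFTER: only the deployer may initialize, exactly once, and the change is
// logged so monitoring can alert on any unexpected bridge address.
contract GuardedInbox {
    address public immutable deployer;
    address public bridge;
    bool private initialized;

    event BridgeSet(address indexed bridge, address indexed setBy);

    constructor() {
        deployer = msg.sender;
    }

    function initialize(address _bridge) external {
        require(msg.sender == deployer, "not authorized");
        require(!initialized, "already initialized");
        require(_bridge != address(0), "zero bridge");
        initialized = true;
        bridge = _bridge;
        emit BridgeSet(_bridge, msg.sender);
    }

    function depositEth() external payable {
        require(initialized, "not initialized");
        (bool ok, ) = bridge.call{value: msg.value}("");
        require(ok, "forward failed");
    }
}
```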


Riptide explained the exploit in a Medium post on Tuesday:


"We could either selectively target large ETH deposits to remain undetected for longer periods of time, siphon every single deposit that passes the bridge, or wait and launch another massive ETH deposit straight away."

This hack could potentially have yielded tens or even hundreds of millions in ETH value, as the largest increase in deposits seen in the inbox was 168,000 ETH, worth over $225 million, and typical deposits ranged from 1,000 to 5,000 ETH in 24 hours, worth between $1.34 million and $6.7 million.


Despite the potential to cash in on ill-gotten gains, riptide was grateful that the "extremely dedicated Arbitrum team" provided a reward of 400 ETH worth over $536,500. However, they later added on Twitter that such a find "should be eligible for the maximum reward", which is worth $2 million.


Neither Arbitrum nor its creator company, OffChain Labs, has publicly commented on the exploit; Cointelegraph reached out to OffChain Labs for comment but did not immediately hear back.


Arbitrum is an Optimistic Rollup Layer 2 solution for Ethereum that aggregates batches of transactions before sending them to the Ethereum network in an effort to minimize network congestion and save on fees. Arbitrum Nitro, an upgrade that aims to simplify communication between Arbitrum and Ethereum as well as increase its transaction throughput for lower fees, launched on August 31st.

Source: cointelegraph


