THE DAILY ENCRYPT


Arbitrum Pays Programmer for Finding a Bug in ETH and Nitro Bridge


Arbitrum paid 400 ETH (about $520,000) to a code bounty hunter for finding a vulnerability between Ethereum, Arbitrum Nitro and other blockchains. The vulnerability could have affected more than $250,000,000, but it was discovered before any funds were stolen.

Arbitrum has released details about the vulnerability and the bounty. The exploit could have put more than $250 million at risk.

The vulnerability was discovered by a pseudonymous Solidity bounty hunter, “0xriptide.” It could have affected anyone who tried to bridge funds between Ethereum and Arbitrum Nitro, 0xriptide stated.

Arbitrum vulnerability finder goes by the name of 0xriptide

Arbitrum paid 0xriptide 400 Ethereum (about $520,000) in compensation for being alerted to the vulnerability.

0xriptide’s day-to-day consists of scanning Immunefi, a bug bounty platform that has stopped hacks worth more than $20 trillion. He has been focusing on cross-chain exploits because they present a greater risk to funds due to the honeypot structure of bridge protocols.

He began his search for the Arbitrum exploit a few weeks before the Arbitrum Nitro upgrade. After his initial investigation, he discovered a vulnerability in which the bridging contract could accept deposits even though it was initially created.

0xriptide said,

“When you find an uninitialized address in Solidity, you should take a moment and pause to investigate further. You never know if it was intentionally left uninitialized by mistake or purposely left unsanctioned.”

What the bridge exploit is

0xriptide discovered that a hacker could set their own address to act as the bridge and steal all incoming ETH deposits from Ethereum, Arbitrum Nitro, and other addresses.

The hacker could have targeted larger ETH deposits to hide their actions or launched a guerrilla-style attack to siphon all funds coming in.

The maximum deposit made during the time the exploit was possible was 168,000 ETH or $250 million. In any 24-hour period where the vulnerability could be exploited, the average deposit was between 1,000 and 5,000 ETH.
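The class of flaw described above, sketched in Solidity as an added example that is not Arbitrum's code and not taken from 0xriptide's report. The contract names, the `bridge == address(0)` guard and the deployer check are assumptions, chosen to show how an unset bridge address lets any caller become the deposit recipient, next to a hardened form.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Hypothetical contracts for illustration only; not Arbitrum's code.

// Before: the only guard is "bridge is still unset". If an upgrade or
// migration leaves the bridge slot at address(0) (an assumption here),
// anyone can call initialize() and name their own address as the bridge.
contract InboxUnguarded {
    address public bridge;

    function initialize(address _bridge) external {
        require(bridge == address(0), "already initialized");
        bridge = _bridge;
    }

    function depositEth() external payable {
        // Deposits are forwarded to whatever address is stored as the bridge.
        (bool ok, ) = bridge.call{value: msg.value}("");
        require(ok, "forward failed");
    }
}

// After: initialization state lives in its own flag, only the deployer may
// initialize, and deposits are refused until a non-zero bridge is set.
contract InboxGuarded {
    address public bridge;
    bool private initialized;
    address private immutable deployer;

    constructor() {
        deployer = msg.sender;
    }

    function initialize(address _bridge) external {
        require(msg.sender == deployer, "not deployer");
        require(!initialized, "already initialized");
        require(_bridge != address(0), "zero bridge");
        initialized = true;
        bridge = _bridge;
    }

    function depositEth() external payable {
        require(initialized, "not initialized");
        (bool ok, ) = bridge.call{value: msg.value}("");
        require(ok, "forward failed");
    }
}
```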

Vitalik Ivanov

Vitalik is a speaker and journalist. He has spoken and given presentations at many blockchain events across the world. Vitalik is based in the UK; he loves to travel and calls Dubai his "crypto home". Vitalik has enjoyed speaking at blockchain events and has a main focus on CBDCs, NFTs and altcoins. Vitalik says "Everything, and I mean everything will be an NFT one day".

© 2022 The Daily Encrypt. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
