Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability


On September 19, Arbitrum, one of the most popular Layer 2 solutions for Ethereum, paid 400 ETH (about $560,000) to a white hat hacker who discovered a potential vulnerability in its code.

The white hat hacker, known on Twitter as Riptide, finds vulnerabilities in smart contracts written in Solidity. Riptide said the “multi-million dollar vulnerability” could potentially affect anyone who wanted to move funds from Ethereum to Arbitrum Nitro.

Arbitrum Prevented Millions of Dollars in Losses

The hacker thoroughly scanned the Arbitrum Nitro code a few weeks before it was launched, checking the contracts so they could “see if the update had been a success.”

After the upgrade, Riptide noticed some errors that prevented the bridge from working correctly. Upon further inspection, Riptide saw that the inbox sequencer was experiencing a delay.

“A client can send a message to the Sequencer by signing and publishing an L1 transaction in the Arbitrum chain’s Delayed Inbox. This functionality is most commonly used for depositing ETH or tokens via a bridge.”

After rescanning the contract, Riptide confirmed that the inbox sequencer bug exposed a critical vulnerability in the contract, through which Riptide or a malicious hacker could have obtained millions of dollars by diverting incoming ETH deposits from the L1 to the L2 bridge into their own wallets before being detected.

However, Riptide decided to report the vulnerability and apply for a reward instead, which, to their surprise, was just 400 ETH instead of the $2 million reward Arbitrum offered as its maximum tier. Upon receiving the reward, the hacker argued that it was not in keeping with the significance of the bug and the risk it entailed.

It is worth mentioning that in March 2022, Arbitrum was the victim of an exploit in which a hacker or a group of hackers stole more than 100 NFTs from TreasureDAO, with a valuation of at least $1.4 million.

White Hat Hackers: A Lucrative Business in Crypto-Land

Independent auditing is of huge importance in the crypto ecosystem. Over the course of the year, several platforms have opted to pay bounties to white hat hackers who report potential vulnerabilities in their code or smart contracts.

For instance, in mid-February, Coinbase paid “the largest bounty in its history” ($250,000) to a hacker named “Tree of Alpha” for saving them from a billion-dollar loss due to a flaw in the “Advanced Trading” feature.

At the time, Tree of Alpha was grateful for the payment, stating that it could serve him well in retirement; however, like Riptide, he noted that “a larger bounty might have been sensible to discourage more grey hats from exploiting vulnerabilities.”

Also, Jay “Saurik” Freeman, who works with the decentralized VPN protocol Orchid and is a legend in the iOS jailbreak community, received over $2 million for reporting a vulnerability in Optimism, a “layer 2 scaling solution” for Ethereum.
