Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability


On September 19, Arbitrum, one of the leading Layer 2 solutions for Ethereum, paid 400 ETH (about $560,000) to a white hat hacker who discovered a potential vulnerability in its code.

The white hat hacker, identified on Twitter as Riptide, finds vulnerabilities in smart contracts written in Solidity. Riptide said the “multi-million dollar vulnerability” could potentially have affected anyone who wanted to transfer funds from Ethereum to Arbitrum Nitro.

Arbitrum Prevented Millions of Dollars in Losses

The hacker thoroughly scanned the Arbitrum Nitro code a few weeks before it was released, checking the contracts to “see if the update had been a success.”

After the upgrade, Riptide noticed some errors that prevented the bridge from working correctly. Upon further inspection, Riptide found that the inbox sequencer was experiencing a delay.

“A user can send a message to the Sequencer by signing and publishing an L1 transaction in the Arbitrum chain’s Delayed Inbox. This functionality is most commonly used for depositing ETH or tokens via a bridge.”

After rescanning the contract, Riptide confirmed that the inbox sequencer bug created a critical vulnerability in the contract through which Riptide, or any other malicious actor, could have obtained hundreds of thousands of dollars by diverting incoming ETH deposits from the L1-to-L2 bridge into their own wallet before being detected.

However, Riptide decided to report the vulnerability and apply for a reward instead, which, to their surprise, was only 400 ETH rather than the $2 million reward Arbitrum offered as its top tier. Upon receiving the reward, the hacker argued that it was not commensurate with the severity of the bug and the risk it entailed.

It is worth mentioning that in March 2022, Arbitrum was the victim of an exploit in which a hacker or a group of hackers stole more than 100 NFTs from TreasureDAO, valued at a minimum of $1.4 million.

White Hat Hackers: A Lucrative Business in Crypto-Land

Independent auditing is of great importance in the crypto ecosystem. Over the course of the year, several platforms have opted to pay bounties to white hat hackers who report potential vulnerabilities in their code or smart contracts.

For instance, in mid-February, Coinbase paid “the largest bounty in its history” ($250,000) to a hacker named “Tree of Alpha” for saving it from a billion-dollar loss caused by a flaw in the “Advanced Trading” feature.

At the time, Tree of Alpha was grateful for the payment, stating that it could serve him well in retirement; nonetheless, like Riptide, he noted that “a larger bounty might have been wise to deter more grey hats from exploiting vulnerabilities.”

Also, Jay “Saurik” Freeman, who works with the decentralized VPN protocol Orchid and is a legend in the iOS jailbreak community, received over $2 million for reporting a vulnerability in Optimism, a “layer 2 scaling solution” for Ethereum.

The post Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability appeared first on CryptoPotato.
