Arbitrum Saved From Major ETH Loss by White Hat Hacker


  • Arbitrum paid 400 ETH via ImmuneFi to white hat hacker
  • Arbitrum bridge bug was caused by bad initializers in the contract code

Another cryptocurrency vulnerability has been uncovered by a so-called white hat hacker, who found an exploitable bug in the bridge between Ethereum and Arbitrum Nitro.

The hacker, known as riptide on Twitter, outlined their discovery, which comes on the heels of an escalating series of hacks on the bridges that connect different blockchains. Collectively, those bridges have been drained of hundreds of millions of dollars of predominantly user funds this year.

Arbitrum, the layer-2 Ethereum scaling solution, paid riptide a bounty of 400 ether (ETH) as a reward via the bug bounty platform ImmuneFi.

The multi-million dollar vulnerability, as riptide called it, would have allowed an attacker to steal all incoming ether deposits from users attempting to bridge their assets between Ethereum layer-1 and layer-2 protocols to Arbitrum.

The initialization-related vulnerability, according to the white hat hacker, would have enabled any nefarious actor to impersonate a user and send the authentication message to the “sequencerInbox” function to execute the vulnerability.

The largest deposit recorded on the inbox contract was 168,000 ETH, around $250 million, with average deposits ranging from 1,000 to 5,000 ETH in a 24-hour period, riptide said.

Another Twitter user, smartcontracts.eth, commented that “rollups are still heavily in development,” cautioning his followers to be careful on layer-2 protocols. A layer-2 refers to a mechanism built on top of a blockchain’s core layer, typically to increase scalability or speed, plus introduce additional features.

A similar bug was seen in the token bridge Nomad’s smart contract, which cost the protocol $190 million in cryptocurrency in the third-biggest cryptocurrency hack of the year.

Arbitrum recently launched Nitro exactly one year after the rollup’s now-defunct first iteration and ahead of the Merge.

Arbitrum NFTs

Additionally, Arbitrum plans to integrate with NFT marketplace OpenSea on Wednesday.

A slew of NFT collections built on Arbitrum will be available to buy and sell directly on OpenSea.

OpenSea tweeted that creators would need to find their collections and set their creator fees directly.

The marketplace recently added the royalties percentages front-and-center on a collection’s page.




  • Ornella Hernandez, Reporter, Blockworks


