White hat hacker grumbles over Arbitrum bounty reward after saving network from $475M loss

Riptide, a white hat hacker who discovered a vulnerability on Arbitrum, tweeted that his find was eligible for the max bounty reward of $2 million instead of the 400 ETH ($53,000) reward he got.

Ethereum scaling tool Arbitrum escaped a multimillion-dollar hack after the hacker spotted a vulnerability in the bridge connecting the layer2 network to ETH’s mainnet. The vulnerability affected how transactions are submitted and processed on the network and would have allowed malicious players to steal all the funds sent to the layer2 network.

The vulnerability

According to the white hat hacker, incoming transactions to Arbitrum through the bridge could be hijacked by malicious players who could set their address as the recipient address.

Riptide continued that such an exploit could have gone undetected for a long time if the hacker targeted only large ETH deposits, or they could have just front-run the next major ETH deposit.

Given that the largest deposit on the inbox contract in the last 24 hours was 168,000 ETH ($250 million), exploiting the vulnerability could have led to a loss of hundreds of millions.

Bounty reward

While Riptide initially praised Arbitrum for the 400 ETH reward, the white hat hacker later tweeted that his work deserved the maximum bounty of $2 million.

Riptide said:

“My point is that if you post a $2mm bounty — be prepared to pay it when it’s justified. Otherwise, just say the max bounty is 400 ETH and be done with it. Hackers watch which projects pay out and which do not. IMO not a good idea to incentivize a whitehat to go blackhat.”

Riptide’s new comments were made after a Twitter user showed that the bridge was recently used to transfer over $400 million.

Meanwhile, bridge exploits are one of the biggest security concerns in the crypto industry presently. Attacks on bridges have led to the loss of almost $1 billion in the past year alone.


