Arbitrum Rewards Hacker With 400 ETH For Detecting a Critical $400M Vulnerability


On September 19, Arbitrum, one of the popular Layer 2 solutions for Ethereum, paid 400 ETH (about $560,000) to a white hat hacker who discovered a potential vulnerability in its code.

The white hat hacker, identified on Twitter as Riptide, finds vulnerabilities in smart contracts written in Solidity. Riptide stated the “multi-million dollar vulnerability” could potentially affect anyone who wanted to exchange funds from Ethereum to Arbitrum Nitro.

Arbitrum Prevented Hundreds of Thousands of Dollars in Losses

The hacker thoroughly scanned the Arbitrum Nitro code several weeks before it was launched, checking the contracts so they could “see if the update had been a success.”

After the upgrade, Riptide noticed some errors that prevented the bridge from working correctly. Upon further inspection, Riptide noticed that the inbox sequencer was experiencing a delay.

“A user can send a message to the Sequencer by signing and publishing an L1 transaction in the Arbitrum chain’s Delayed Inbox. This functionality is mostly used for depositing ETH or tokens through a bridge.”

After rescanning the contract, Riptide confirmed that the inbox sequencer bug enabled a critical vulnerability in the contract through which Riptide or another malicious hacker could have obtained tens of millions of dollars by diverting incoming ETH deposits from the L1 to the L2 bridge into their wallets before being detected.

However, Riptide decided to report the vulnerability and apply for a reward instead, which, to their surprise, was just 400 ETH instead of the $2 million reward Arbitrum offered as its maximum tier. Upon receiving the reward, the hacker argued that it was not in line with the significance of the bug and the risk it entailed.

It’s worth mentioning that in March 2022, Arbitrum was the victim of an exploit in which a hacker or a group of hackers stole more than 100 NFTs from TreasureDAO, with a valuation of at least $1.4 million.

White Hat Hackers: A Profitable Business in Crypto-Land

Independent auditing is of great importance in the crypto ecosystem. Over the course of the year, several platforms have opted to pay bounties to white hat hackers who report potential vulnerabilities in their code or smart contracts.

For example, in mid-February, Coinbase paid “the largest bounty in its history” ($250,000) to a hacker named “Tree of Alpha” for saving them from a billion-dollar loss caused by a flaw in the “Advanced Trading” feature.

At the time, Tree of Alpha was grateful for the payment, stating that it could serve him well in retirement; however, like Riptide, he noted that “a higher bounty might have been good to discourage more gray hats from exploiting vulnerabilities.”

Additionally, Jay “Saurik” Freeman, who works with the decentralized VPN protocol Orchid and is a legend in the iOS jailbreak community, received over $2 million for reporting a vulnerability in Optimism, a “layer 2 scaling solution” for Ethereum.
