A white hat hacker Ethereum discovered a bug in the latest update of Arbitrum, the scaling network, that could lead to the theft of over $530 million.
Hacker Discovering Critical Error in Ethereum Scaling Platform Arbitrum Awarded 400 ETH
Earlier this week, Arbitrum founder OffChain Labs rewarded the hacker operating under the pseudonym 0xriptide with a bounty of 400 ETH (approximately $530,000 worth) for sharing the discovery.
No big deal just bridging a cool $470mm through the same Inbox contract 👀
Definitely should be eligible for a max bounty
🤯 https://t.co/w7S58QNQZu
— riptide (@0xriptide) September 20, 2022
Arbitrum released its latest update, Nitro, on August 31, ahead of ETH Merge, the transition of the Ethereum network from the Proof of Work consensus mechanism to the Proof of Stake.
Right after the launch of Arbitrum Nitro, 0xriptide began scanning the platform’s code to look for any vulnerabilities, according to a blog post detailing its discovery.
Ethereum scaling networks, such as Arbitrum, cause the slow speed and costly transaction fees of the ETH mainnet to account for large amounts of cryptocurrency It routes the transaction by completing the transaction on a separate chain and then transferring them back to the ETH mainnet as a single transaction.
Doing so significantly increases the speed and affordability of ETH transactions, but can also expose users to security vulnerabilities.
0xriptide discovered that the bridge between the Ethereum mainnet and Arbitrum Nitro contained a flaw that would allow any skilled hacker to replace Arbitrum’s destination address with its own.
Essentially, any funds that needed to flow from ETH to Aribitrum could instead be diverted directly to a hacker’s wallet.
According to 0xriptide, a hacker could use this bug to either select large individual deposits to avoid detection or to siphon Arbitrum’s entire incoming deposit flow.
According to data from the Dune Analytics panel, between the time the Artibrum Nitro update debuted at the end of August and the date 0xriptide reported the bug to OffChain Labs, more than 400,000 ETH or $534 million in text were transferred from Ethereum to Arbitrum.
Upon confirmation of the flaw in Arbitrum Nitro, developer company OffChain Labs sent a payment of 400 ETH (just over $530,000) to 0xriptide via web3 bug bounty platform ImmuneFi.
*Not investment advice.
For exclusive news, analytics and on-chain data Telegram our group, twitter our account and YouTube Follow our channel now! Moreover Android and iOS Start live price tracking right now by downloading our apps!