White hat hacker detects critical bug in Ethereum and Arbitrum bridge




A self-identified white hat hacker detected a “million dollar security vulnerability” on the bridge connecting Ethereum and Arbitrum Nitro, and received a bug bounty of 400 Ether (ETH) in return.

The hacker, known as “riptide” on Twitter, said that the vulnerability would let a malicious actor use the initialization function to set up their own bridge address, which could then capture all ETH belonging to anyone transferring funds over the bridge from Ethereum to Arbitrum Nitro.

Riptide explained the vulnerability in a Medium post dated Sep 20th:

“We could purposely target loaded ETH transactions, siphon off any deposits that crossed the bridge, or wait and attack the next big ETH deposit to stay hidden for a long time.”

In the event of such an attack, even hundreds of millions of ETH could have been stolen. According to Riptide, the largest transaction involved 168K ETH, worth over $225M. Deposits made during a 24-hour period generally ranged from 1000 to 5000 ETH, i.e., between $1.34 million and $6.7 million.

Riptide thanked the “extremely reasonable Arbitrum team” for a reward of 400 ETH, or about $536,000. Still, the white-hat hacker added that he thinks this type of bug detection deserves the maximum reward.

Neither Arbitrum nor its parent company, OffChain Labs, made a statement regarding the security vulnerability. Cointelegraph tried to contact OffChain Labs but got no response.



Source: https://tr.cointelegraph.com/news/white-hat-finds-huge-vulnerability-in-eth-to-arbitrum-bridge-wen-max-bounty
