Arbitrum, a popular Layer 2 solution for Ethereum, got involved with a white hat hacker on September 19. According to a source, the hacker discovered a potential vulnerability in Arbitrum’s code. As a result, the network used 400 ETHs, worth about $560,000, as a pay-off.
Over the years, many hacks and exploits have hit the crypto industry in different dimensions. Some hacking incidents are linked to vulnerabilities that hackers discover in the crypto networks.
Some white hat hackers will sometimes settle and receive a bounty from the protocols. But other hackers will cart away available funds they find from the lapses on the network.
The hacker, called Riptide on Twitter, uncovered lapses in the smart contracts written in Solidity. Riptide was discovered after scanning the Arbitrum Nitro code some weeks before its release. The hacker wanted to verify the contracts to ascertain that their update was a success.
Hacker Discovered Vulnerability In Arbitrum L1-L2 Bridge
Following the complete update, Riptide picked out some errors with the bridge that hindered its seamless operation. Finally, the hacker made some detailed checks and discovered a delay in the inbox sequencer of the bridge.
According to Riptide, a user can sign and publish an L1 transaction in the Delayed Inbox of the Arbitrum chain to send a message to the Sequencer. Such a process mainly applies when using a bridge to deposit ETH or other tokens.
By rescanning the contract, the hacker acknowledged a critical vulnerability in the contract. Riptide noted the inbox sequencer has a bug through which he or any lousy actor could siphon millions of dollars.
Before getting noticed, they could divert incoming ETH deposits from the L1 to the L2 bridge to their wallets.
Upon his discovery, Riptide reported the vulnerability to Arbitrum and requested a reward of just 400 ETH. However, the outplay surprised Arbitrum as they have already offered a maximum of $2 million to the hacker.
Crypto Space And White Hat Hacking
The crypto space has faced several white hat hacking. Such hacks on different platforms are linked with discovering potential vulnerabilities in the network’s smart contracts or the code.
Also, Coinbase parted with $250,000 to a hacker known as ‘Tree of Alpha’ in the middle of February. The hacker discovered a lapse in the ‘Advanced Trading’ feature of the crypto exchange and saved about a billion-dollar loss. Coinbase reported that the payment is the enormous bounty in its history.
Recall that in March 2022, Arbitrum suffered an exploit from hacking and lost over 100 NFT from TreasureDAO. The tokens were worth about $1.4 million at the time of the incident.