White hat hacker grumbles over Arbitrum bounty reward after saving community from 5M loss

White hat hacker grumbles over Arbitrum bounty reward after saving community from $475M loss

by Jeremy

Riptide, a white hat hacker that found a vulnerability on Arbitrum, tweeted that his discover was eligible for the max bounty reward of $2 million as an alternative of the 400 ETH ($53,000) reward he bought.

Ethereum scaling instrument Arbitrum escaped a multimillion-dollar hack after the hacker noticed a vulnerability within the bridge connecting the layer2 community to ETH’s mainnet. The vulnerability affected how transactions are submitted and processed on the community and would have allowed malicious gamers to steal all of the funds despatched to the layer2 community.

The vulnerability

In accordance to the white hat hacker, incoming transactions to Arbitrum by means of the bridge may very well be hijacked by malicious gamers who may set their deal with because the recipient deal with.

Riptide continued that such an exploit may have gone undetected for a very long time if the hacker focused solely massive ETH deposits, or they may have simply front-ran the subsequent main ETH deposit.

Provided that the most important deposit on the inbox contract within the final 24 hours was 168,000 ETH ($250 million), exploiting the vulnerability may have led to a lack of a whole bunch of thousands and thousands.

Bounty reward

Whereas Riptide initially praised Arbitrum for the 400 ETH reward, the white hat hacker later tweeted that his work deserved the utmost bounty of $2 million.

Riptide stated:

“My level is that in the event you submit a $2mm bounty — be ready to pay it when it’s justified. In any other case, simply say the max bounty is 400 ETH and be achieved with it. Hackers watch which initiatives pay out and which don’t. IMO not a good suggestion to incentivize a whitehat to go blackhat.”

Riptide’s new feedback had been made after a Twitter consumer confirmed that the bridge was not too long ago used to switch over $400 million.

In the meantime, bridge exploits are one of many largest safety considerations within the crypto business presently. Assaults on bridges have led to the loss of virtually $1 billion previously 12 months alone.



Supply hyperlink

Related Posts

You have not selected any currency to display