White hat hacker grumbles over Arbitrum bounty reward after saving network from $475M loss

Oluwapelumi Adejumo

The white hat hacker believes his discovery deserves the full $2 million max bounty reward instead of only 400 ETH.

Updated: September 21, 2022 at 1:47 pm

Riptide, a white hat hacker who discovered a vulnerability on Arbitrum, tweeted that his find was eligible for the max bounty reward of $2 million instead of the 400 ETH ($53,000) reward he received.

No big deal just bridging a cool $470mm through the same Inbox contract 👀

Definitely should be eligible for a max bounty

🤯 https://t.co/w7S58QNQZu

— riptide (@0xriptide) September 20, 2022

Ethereum scaling tool Arbitrum escaped a multimillion-dollar hack after the hacker spotted a vulnerability in the bridge connecting the layer-2 network to the Ethereum mainnet. The vulnerability affected how transactions are submitted and processed on the network and would have allowed malicious actors to steal all the funds sent to the layer-2 network.

The vulnerability

According to the white hat hacker, incoming transactions to Arbitrum through the bridge could be hijacked by malicious actors who could set their own address as the recipient address.

Riptide added that such an exploit could have gone undetected for a long time if the attacker targeted only large ETH deposits, or the attacker could simply have front-run the next major ETH deposit.

Given that the largest deposit on the inbox contract in the last 24 hours was 168,000 ETH ($250 million), exploiting the vulnerability could have led to a loss of hundreds of millions of dollars.

Bounty reward

While Riptide initially praised Arbitrum for the 400 ETH reward, the white hat hacker later tweeted that his work deserved the maximum bounty of $2 million.

Riptide said:

“My point is that if you post a $2mm bounty — be prepared to pay it when it’s justified. Otherwise, just say the max bounty is 400 ETH and be done with it. Hackers watch which projects pay out and which do not. IMO not a good idea to incentivize a whitehat to go blackhat.”

Riptide’s new comments were made after a Twitter user showed that the bridge was recently used to transfer over $400 million.

Doing this again since my other quote tweet got censored by tweeter. Arbitrum bridge bug is critical bridge bug #3 caused by bad initializers, in case we needed another reason to get rid of initializers. Surprised Arbitrum only paid 400 ETH and not max bounty given deposits like: https://t.co/Lx32UVjDtF pic.twitter.com/cmSx1HMI1k

— smartcontracts.eth (✨🔴_🔴✨) (@kelvinfichter) September 20, 2022

Meanwhile, bridge exploits are currently one of the biggest security concerns in the crypto industry. Attacks on bridges have led to the loss of almost $1 billion in the past year alone.
