An anonymous whitehat, "0xriptide," has been rewarded 400 $ETH (about $520,000) for discovering a vulnerability in Arbitrum's payment code that could have resulted in the loss of $250 million. 0xriptide said his initial search for the Arbitrum exploit began a few weeks ago ahead of the Arbitrum Nitro upgrade. Upon his initial investigation, he found a vulnerability where the bridging contract was able to accept deposits, even though the contract was initialized previously. After digging into the uninitialized address, 0xriptide found that a hacker would be able to set their own address as the bridge, mimicking the actual contract, and steal all the incoming $ETH deposits from Etheruem to Arbitrum Nitro.
Arbitrum
Ethereum
Security Incidents