A self-proclaimed white-hat hacker recently found a critical vulnerability in the bridge between Ethereum and Arbitrum Nitro.
The researcher, known as ‘Riptide’ on Twitter, said the flaw would have allowed an attacker to intercept the funds that users were bridging from Ethereum to Arbitrum Nitro.
Riptide explained in their Medium post: “We could either selectively target large ETH deposits to remain undetected for a longer period of time, siphon up every single deposit that comes through the bridge, or wait and just front-run the next massive ETH deposit.”
The weakness could have cost users tens or hundreds of millions of dollars’ worth of ETH; the largest single deposit Riptide recorded was 168,000 ETH, worth more than $225 million at the time.
Riptide could easily have taken that sum by exploiting the bug instead of reporting it. The Arbitrum team rewarded the disclosure with 400 ETH, worth more than $536,500. Riptide thanked the team, but later said the finding should have earned the maximum bounty of $2 million.
Neither Arbitrum nor its developer, OffChain Labs, has addressed the issue publicly. Media outlets have reached out to OffChain Labs for a statement but have not yet received a response.
On August 31st, Arbitrum went through the Nitro upgrade, which was intended to improve communication between Arbitrum and Ethereum and to increase transaction throughput at lower fees.
Bridge vulnerabilities like this one have surfaced repeatedly this year, and many attackers have chosen to exploit them rather than report them: about $100 million was stolen from the Horizon Bridge in June and about $190 million from the Nomad bridge in August. Nor does the damage stop with the first attacker; once a bridge exploit becomes public, others often repeat the same attack until the bug is patched, so funds keep draining.