Byline: Craig Brogan
On September 19, one of the most well-liked Layer 2 Ethereum solutions, Arbitrum, rewarded a white hat hacker 400 ETH (about $560,000) for uncovering a potential flaw in its code.
The white hat hacker, known as Riptide on Twitter, found the Solidity-written intelligent contracts to have vulnerabilities. According to Riptide, the “multi-million dollar vulnerability” may affect anyone wishing to transfer money from Ethereum to Arbitrum Nitro.
Arbitrum Prevents Losses Worth Millions of Dollars:
A few weeks before its release, the hacker carefully examined the Arbitrum Nitro code, reviewing the contracts to “see if the update had been a success.”
Riptide discovered various issues preventing the bridge from functioning correctly after the upgrade. After further examination, Riptide found that the inbox sequencer was running slowly.
Riptide confirmed by saying that “a client can send a message to the Sequencer by signing and publishing an L1 transaction in the Arbitrum chain’s Delayed Inbox. This functionality is commonly used for depositing ETH or tokens via a bridge.”
Following a second scan of the contract, Riptide was able to confirm that the inbox sequencer bug had created a severe flaw that could have allowed Riptide or another malicious hacker to steal millions of dollars by diverting incoming ETH deposits from the L1 to the L2 bridge into their wallets without being noticed.
Instead of waiting for the $2 million incentive that Arbitrum promised as its top tier, Riptide chose to report the vulnerability and request a reward which, to their surprise, was just 400 ETH. The hacker protested the payment after getting it, saying it was out of proportion to the significance of the defect and the risk it carried.
“My point is that if you post a $2mm bounty- be prepared to pay it when it’s justified. Otherwise, just say the max bounty is 400 ETH and be done with it. Hackers watch which projects pay out and which do not. IMO not a good idea to incentivize a whitehat to go blackhat.” — Riptide (@0xriptide) September 20, 2022
It is important to note that in March 2022, Arbitrum fell victim to an exploit in which an individual or group stole more than 100 NFT from TreasureDAO, valued at least $1.4 million.
White Hat Hackers: A Successful Job in the Crypto Industry
In the environment surrounding cryptocurrencies, independent auditing is crucial. Several platforms have chosen to reward white hat hackers who uncover potential security flaws in their code or smart contracts throughout the year.
For instance, Coinbase paid “the greatest bounty in company history” to a hacker by the name of “Tree of Alpha” in the middle of February to spare them from a billion-dollar loss as a result of a bug in the “Advanced Trading” tool. The hacker received $250,000.
However, like Riptide, Tree of Alpha commented that “a greater bounty could have been prudent to dissuade future grey hats from exploiting vulnerabilities.” At the time, Tree of Alpha expressed gratitude for the payout and said it could serve him well in retirement.
Jay “Saurik” Freeman, a star in the iOS jailbreak community and a developer for the decentralized VPN protocol Orchid, got almost $2 million for disclosing a flaw in Optimism, an Ethereum “layer 2 scaling solution.”
The primary objective of white hat hackers is the same regardless of the industry. They secure the systems for users and ensure that the market is equitable for all players. Every information system has flaws, especially when it comes to assets. But at the end of the day, nobody wants to lose their money.
In the cryptocurrency market, whitehats act as threat-eradication agents. They run pen tests to find potential security weaknesses in the system, conduct stress testing to check for malicious software, or even purposefully launch DoS or DDoS attacks. They thereby raise the level of security for the cryptocurrency market.
A new Internet era known as Web 3.0 and a fully digital world is on the horizon. One essential element of this process is the crypto space. Because of this, white hat hackers play a crucial role in levelling the playing field and hastening the development of web 3.0.
The Bitcode Method review remarked that decentralised finance is a weak economy sector with anonymous founders, open-source code, and billions of dollars vulnerable to risk. This massive funding has produced an incentive structure favouring teams that produce coins quickly. That cynicism is crucial. The current climate may be excessively hopeful, enticing investors and DeFi users with protocols that may never function or be harmful. An issue that a large portion of the cryptocurrency industry does not appear willing to acknowledge is that this lack of control, coupled with the nature of open-source programming, creates the ideal setting for hackers and scammers, which white hat hackers expose.
You may also like: How to Profit from Ethereum Trading
Image source: Shutterstock.com