A white hat hacker recently discovered a bug within the latest upgrade for Arbitrum that could have led to the theft of over $530 million from the network.
And earlier this week, Arbitrum builder OffChain Labs compensated the hacker, who operates under the pseudonym 0xriptide, with a bounty of 400 ETH (approximately $530,000).
On August 31, Arbitrum launched its latest upgrade, Nitro, in preparation for the Ethereum merge. Following the launch of Arbitrum Nitro, 0xriptide began scouring its code in search of vulnerabilities.
0xriptide discovered that the bridge between the Ethereum mainnet and Arbitrum Nitro contained a flaw that would have allowed an industrious attacker to replace Arbitrum’s destination address with their own. Essentially, any funds meant to flow from Ethereum into Arbitrum could instead have been redirected straight into the attacker’s wallet.
According to 0xriptide, an attacker could have exploited the bug either to selectively pick off massive individual deposits while avoiding detection, or to siphon off Arbitrum’s entire incoming deposit flow.