Arbitrum expert claims Optimism bridge hack
Hacker took advantage of exploit to mint 200 billion BitBTC
The vulnerability has been fixed, with the hacker claiming he was only testing the system
Yesterday morning, October 18, Arbitrum CTO Lee Bousfield announced that Optimism Bridge is vulnerable to hacking attacks. Unfortunately, an unknown attacker managed to take advantage of it to mint $200 billion of BitBTC. But he soon came forward with an excuse.
According to Bousfield’s statement, he immediately reached out to the BitBTC team, but there was no response for a long time. Hoping to be heard, he published a detailed report about the exploit on Twitter.
The vulnerability lies in the bridge between L1 Ethereum and L2 Optimism. The L2 Optimism side allows any token to be withdrawn while naming an L1 token address, where the withdrawal will be credited.
But the L1 side simply ignores which token was withdrawn on L2 in the first place. An attacker can issue any token and then simply replace the L1 address with that of a real one, such as BitBTC.
Once the withdrawal is through the bridge, the system credits real tokens. In this way, the hacker “siphoned off” 200 billion BitBTC. The administration had to fix the vulnerability urgently, otherwise the hacker’s actions would have been irreversible.
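The missing check described above, as an added Python sketch that is not BitBTC's or Optimism's code: a toy L1 bridge finalizes the same two constructed withdrawal messages, once ignoring the L2 token and once comparing it with the registered pair. All class, method, token and account names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Withdrawal:
    """Message relayed from L2 to L1 (constructed fields, not a real ABI)."""
    l2_token: str  # token the L2 side reports as withdrawn
    l1_token: str  # L1 token the message asks to be credited
    to: str
    amount: int

@dataclass
class L1Bridge:
    pairs: dict                               # l1_token -> its registered L2 token
    paid: dict = field(default_factory=dict)  # (l1_token, to) -> amount credited

    def _credit(self, w):
        key = (w.l1_token, w.to)
        self.paid[key] = self.paid.get(key, 0) + w.amount
        return True

    def finalize_unchecked(self, w):
        # Flawed form: l2_token travels in the message but is never inspected.
        return self._credit(w)

    def finalize_checked(self, w):
        # Corrected form: the withdrawn L2 token must be the one registered
        # for the requested L1 token; unknown L1 tokens have no pair and fail.
        if self.pairs.get(w.l1_token) != w.l2_token:
            return False
        if w.amount <= 0:
            return False
        return self._credit(w)

def run(finalize_name):
    """Replay two constructed messages through one finalize variant."""
    bridge = L1Bridge(pairs={"L1_BITBTC": "L2_BITBTC"})
    finalize = getattr(bridge, finalize_name)
    messages = [
        Withdrawal("L2_BITBTC", "L1_BITBTC", "alice", 100),   # matching pair
        Withdrawal("L2_UNRELATED", "L1_BITBTC", "bob", 900),  # mismatched pair
    ]
    return [finalize(m) for m in messages], bridge.paid

if __name__ == "__main__":
    for name in ("finalize_unchecked", "finalize_checked"):
        print(name, run(name))
```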
Closer to the evening of Tuesday, October 18, the BitBTC team did roll out a patch. This, again, was announced by Bousfield. The hacker himself also got in touch. According to him, the hack was part of a test of a possible attack vector, and there is no reason to panic.
The BNB Chain network was hacked in a similar way. The hacker was able to steal more than $100 million as a result of the attack. The administration issued an emergency patch to close the loophole.