Twitter user saves cross-chain bridge from potential exploit

Published at: Oct. 20, 2022

A cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism has been able to avoid a potentially costly exploit thanks to the work of an eagle-eyed Twitter user.

The custom cross-chain bridge offers a ramp for users to send assets between Optimism’s network and BitAnt's decentralized finance (DeFi) ecosystem, which includes yield services, NFTs, swaps and the BitBTC token, in which 1 million BitBTC represents 1 Bitcoin (BTC).

The BitBTC bridge bug was highlighted by L2 network Arbitrum tech lead Lee Bousfield in an Oct. 18 Twitter post, warning that “BitBTC's Optimism bridge is trivially vulnerable.”

Bousfield said he published the Tweet as the “team has ignored my messages, so I'm going to publish the critical exploit here.”

BitBTC's Optimism bridge is trivially vulnerable. Their team has ignored my messages, so I'm going to publish the critical exploit here. https://t.co/onyN9SzBjt

— Lee Bousfield (@PlasmaPower0) October 18, 2022

According to Bousfield, the BitBTC bridge had a bug that would allow an attacker to mint fake tokens on one side of the bridge, and swap them for real ones on the other.

“The Optimism L2 side of the bridge lets you withdraw any token, and it lets that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token!” he wrote, adding that:

“That means an attacker could deploy their own token on Optimism, give themselves all the supply, and set that token's L1 Token to the real BitBTC L1 address.”
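The flaw Bousfield describes, and the check whose absence makes it possible, can be modeled in a few lines. This is an added example, not BitBTC's or Optimism's code: the class and function names, the placeholder addresses and the `pairs` registry are assumptions made for illustration, and the page does not say how the actual patch was implemented.

```python
from dataclasses import dataclass

# Constructed placeholder addresses, not real contract addresses.
REAL_L1 = "L1:BitBTC"
REAL_L2 = "L2:BitBTC"
FAKE_L2 = "L2:attacker-token"

@dataclass(frozen=True)
class Withdrawal:
    l2_token: str  # token the L2 bridge burned
    l1_token: str  # L1 token the L2 token *claims* to correspond to
    to: str
    amount: int

class L2Bridge:
    """L2 side as described: accepts any token and forwards its self-declared L1 token."""
    def __init__(self, declared_l1):
        self.declared_l1 = declared_l1  # l2_token -> L1 address it reports

    def withdraw(self, l2_token, to, amount):
        return Withdrawal(l2_token, self.declared_l1[l2_token], to, amount)

class L1Bridge:
    """pairs=None models the flaw (L2 token ignored); a dict enforces the pairing."""
    def __init__(self, pairs=None):
        self.pairs = pairs    # l1_token -> the one L2 token allowed to redeem it
        self.minted = {}      # (l1_token, recipient) -> amount

    def finalize(self, w):
        if self.pairs is not None and self.pairs.get(w.l1_token) != w.l2_token:
            return False      # reject: message names an unregistered L2 token
        key = (w.l1_token, w.to)
        self.minted[key] = self.minted.get(key, 0) + w.amount
        return True

def replay(l1):
    """Send one honest and one forged withdrawal through the given L1 bridge."""
    l2 = L2Bridge({REAL_L2: REAL_L1, FAKE_L2: REAL_L1})
    msgs = [l2.withdraw(REAL_L2, "alice", 5),
            l2.withdraw(FAKE_L2, "mallory", 200_000_000_000)]
    return [l1.finalize(m) for m in msgs], l1.minted

if __name__ == "__main__":
    print("unchecked:", replay(L1Bridge()))
    print("checked:  ", replay(L1Bridge({REAL_L1: REAL_L2})))
```

With the pairing enforced on the L1 side, the honest withdrawal still finalizes while the message from the unregistered L2 token is rejected before anything is minted.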

For the bug to be exploited successfully, Bousfield outlined that it would take “7 days to go through, during which the L1 bridge could be fixed via an upgrade.”

Shortly after he noted this, someone went on to test that theory, with an attacker attempting to withdraw “200 billion fake BitBTC from Optimism.”

The attacker reportedly claimed that it was merely a test.

Bousfield also noted in a subsequent update around 10 hours later that the bug had since been patched after he managed to get in contact with the BitBTC team.

Cointelegraph has reached out to the BitAnt team for confirmation on these details and will update the story if they respond.


Optimism developer Kevin Fichter on Oct. 18 confirmed that the bug was on BitBTC’s side, as BitBTC had used its own custom bridge rather than the standard bridge that Optimism offers to partners.

Fichter also noted that assets “other than BitBTC are not at risk,” adding that there was a lot of “time and energy placed into the standard bridge” and encouraged people to use the standard bridge “unless you know what you’re doing.”
