A user has discovered a BitBTC-Optimism Bridge vulnerability that allows an attacker to generate fake tokens on one side of the bridge and exchange them for real tokens on the other side. The bug was identified on the BitBTC side. After 10 hours, the vulnerability was patched.

On October 18, a user with Twitter account @PlasmaPower0 prevented a possible future cross-chain bridge attack of BitBTC-Optimism Bridge.

The vulnerability he discovered could allow an attacker to generate fake tokens on one side of the bridge and exchange them for real tokens on the other side.

“The Optimism L2 side of the bridge lets you withdraw any token, and it let’s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token”

He wrote

For the exploit to be successful, Bousfield pointed out that it would take 7 days to cross, during which the L1 bridge could be fixed through an upgrade.

Shortly after noting that, someone went on to test that theory, with an attacker attempting to withdraw “200 billion fake BitBTC from Optimism”. Fortunately, the hacker claimed that it was just a test to expose the vulnerability to developers.

After 10 hours of trying to contact the BitBTC team, the vulnerability has also been fixed.

Optimism developer Kevin Fichter on October 18 confirmed that the bug was on BitBTC’s side as it used its own custom bridge instead of Optimism’s standard bridge that it provides to partners and encourages people to use the standard bridge ‘unless you know what you’re doing”.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Foxy

CoinCu News

# Cryptocurrencies

Bridge Hacker

crosschain

crypto

hack

optimism

vulnerability

Author

Andy

Related Posts

• Crypto Fundraising Dips 23% In Q1 2024 But Still Shows Optimistic Background
• UAE Crypto Adoption Leads Middle East With 72% Rate
• DYOR: A Comprehensive Guide to Researching Crypto Coins
• Crypto Prime Brokerage Hidden Road Partners Targets New Funding Round Of $120 Million
• Market Overview (Apr 8 – Apr 14): Bitcoin ETF Trends and Geopolitical Tensions Shake Crypto Market
• FixedFloat Attack Continues to Occur Related to The February 16 Hack
• Beribit In Russia Causes Outrage When Detaining More Than $4 Million Of Customers
• Top Crypto Market Makers You Should Know

Scam Alert

BitBTC-Optimism Bridge Vulnerability Fixed Timely Thanks To Twitter Users

A user has discovered a BitBTC-Optimism Bridge vulnerability that allows an attacker to generate fake tokens on one side of the bridge and exchange them for real tokens on the other side. The bug was identified on the BitBTC side. After 10 hours, the vulnerability was patched.

On October 18, a user with Twitter account @PlasmaPower0 prevented a possible future cross-chain bridge attack of BitBTC-Optimism Bridge.

BitBTC's Optimism bridge is trivially vulnerable. Their team has ignored my messages, so I'm going to publish the critical exploit here. ????https://t.co/onyN9SzBjt

— Lee Bousfield (plasmapower.eth) (@PlasmaPower0) October 18, 2022

The vulnerability he discovered could allow an attacker to generate fake tokens on one side of the bridge and exchange them for real tokens on the other side.

“The Optimism L2 side of the bridge lets you withdraw any token, and it let’s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token”

He wrote

For the exploit to be successful, Bousfield pointed out that it would take 7 days to cross, during which the L1 bridge could be fixed through an upgrade.

Shortly after noting that, someone went on to test that theory, with an attacker attempting to withdraw “200 billion fake BitBTC from Optimism”. Fortunately, the hacker claimed that it was just a test to expose the vulnerability to developers.

After 10 hours of trying to contact the BitBTC team, the vulnerability has also been fixed.

Sigh, just to be clear here, this is a bug in BitBTC's code and NOT a bug in Optimism's code. BitBTC has a custom bridge and doesn't use the standard bridge that Optimism provides. Probably worth clarifying this in the main thread.

— smartcontracts.eth (✨????_????✨) (@kelvinfichter) October 18, 2022

Optimism developer Kevin Fichter on October 18 confirmed that the bug was on BitBTC’s side as it used its own custom bridge instead of Optimism’s standard bridge that it provides to partners and encourages people to use the standard bridge ‘unless you know what you’re doing”.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Website: coincu.com

Foxy

CoinCu News

Visited 62 times, 1 visit(s) today

Other Posts

Related Posts

Knowledge

- 108 days ago 12 mins

Fiat To Fiat Converter: Detailed Guide For Beginners And Important Notes

Knowledge

- 108 days ago 12 mins

Crypto To Crypto Converter: Detailed Guide For Beginners And Important Notes

Knowledge

- 54 days ago 13 mins

Free Bitcoin Code 2024: Easy Way To Own Bitcoin

Knowledge

- 9 days ago 12 mins

Bitcoin Mining: How Long Does It Take to Mine 1 Bitcoin?

News

- 8 hours ago 2 mins

Hong Kong Crypto ETFs Are Now Officially Launched

Knowledge

- 42 days ago 10 mins

Buy Dogecoin on eToro: Step-by-Step Guide for Beginners (2024)

Casino Reviews

- 232 days ago 17 mins

Top Bitcoin Gambling Sites In 2024

News

- 8 hours ago 2 mins

Bosera HashKey Bitcoin ETF Leads ESG Drive in Crypto Market