“White hacker” received $540,000 instead of $2 million for the discovery of a critical vulnerability in Arbitrum

Developers of the Ethereum scaling solution Arbitrum announced a $2M bounty program for finding critical vulnerabilities, but paid out only $540,000.

Such a complaint was published on Twitter by a “white hacker” under the pseudonym Riptide. According to him, he discovered an extremely serious vulnerability in the Arbitrum Nitro code which, theoretically, could have led to a loss of $470 million. In his opinion, a report of such a vulnerability should be valued at the maximum reward rate of $2 million, but the developers paid only 400 ETH ($540,000).

The hacker carefully analyzed the Arbitrum Nitro code and discovered a vulnerability in the bridge’s incoming message sequencer used when transferring assets from Ethereum to Arbitrum. The vulnerability would have allowed an attacker to redirect funds coming from the Ethereum network to their own wallets.

“In my opinion, everything is simple. If you are claiming a $2 million reward, then be prepared to pay it out on a real claim. Otherwise, just write that the maximum reward is 400 ETH and there will be no questions. Hackers spy on projects that pay bounties and those that don’t. I don’t think it’s a good idea to motivate a white hacker to become a black hacker,” wrote Riptide.

Note that in June, the developers of the Aurora blockchain, built on the NEAR Protocol, paid a “white hat hacker” the full reward of $6 million for helping to prevent the theft of 70,000 ETH.

Source: Bits