Twitter user saves cross-chain bridge from potential exploit

Thanks to an alert Twitter user, a cross-chain bridge between BitBTC (Ethernet layer-2 network Optimism) was able to avoid a potentially expensive exploit.

The custom cross-chain bridge allows users to send assets between Optimism and BitAnt’s Decentralized Finance (DeFi) ecosystem. This includes NFTs and swaps as well as BitBTC token. 1,000,000 BitBTC is 1 Bitcoin (BTC).

Lee Bousfield, L2 network Abirtrum tech leader, highlighted the BitBTC bridge problem in a Oct. 18 tweet. He warned that BitBTC’s “Optimism Bridge is trivially vulnerable”

Bousfield claimed that he published the tweet because the “team had ignored my messages, therefore I’m going to post the critical exploit here.”

BitBTC’s Optimism Bridge is extremely vulnerable. I have sent them messages but they ignored me so I am going to publish my critical exploit here. https://t.co/onyN9SzBjt
— Lee Bousfield (@PlasmaPower0 October 18, 2022

Bousfield claims that the BitBTC bridge contained a bug that allowed an attacker to create fake tokens and then swap them for real tokens.

“The Optimism L2 bridge allows you to withdraw any token and it lets that token pick which L1Token address is passed to the L1side of the bridge. The L1 bridge ignores the L2 token and simply mints an arbitrary L1 token.” he wrote.

“This means that an attacker could deploy their token on Optimism and give themselves all the supply. Then, they would set that token’s L1 token to the real BitBTC address.

Bousfield stated that the bug would need to be exploited in a successful manner within seven days. During this time, the L1 bridge could possibly be fixed by an upgrade.

Soon after noticing this, an attacker attempted to withdraw “200 Billion fake BitBTC” from Optimism.

According to reports, the attacker claimed it was a mere test.

Bousfield also mentioned in a later update 10 hours later, that the bug was now fixed after he got in touch with BitBTC.

Cointelegraph reached out to BitAnt for confirmation and will update this story if they respond.

Related: Ethereum Alarm Clock exploit leads at $260K in stolen gasoline fees so far

Kevin Fichter, an Optimism developer, confirmed Oct. 18 that BitBTC had the bug as BitBTC had used its custom bridge instead of the standard one offered to partners.

Fichter noted that BitBTC assets are not at risk. He also said that there was a lot “time and energy” that went into the standard bridge and encouraged people to use it “unless they know what they’re doing.”

2021's Most Anticipated Growth & Wealth-Building Opportunity

Join Thousands of Early Adopters Just Like You Who Want to Grow Capital and Truly Understand Cryptocurrency Together

Jason Basler

Jason Basler– Financial Updates My Name is Jason Basler and I am also the main source from the ‘Topnewsscoop.com’ of all the exclusive and most delicate visualization of the activities in the business sector. My first step towards this journey was taken in the very early years of my life. I started with an independent financial consultant. However, I only had almost 4 years of skills and experience in this market. I have always been a free personality and like to fly one place to another, to explore more and more. Moreover, this passion and craze of traveling gave me a chance to report a section for best news associations. Last but not least, I am presently working full-time as an editor. Address: 4830 Crim Lane Dayton, OH 45402, United States of America Phone Number:  +1 937 727 7917 Email: [email protected]

2021's Most Anticipated Growth & Wealth-Building Opportunity

Join Thousands of Early Adopters Just Like You Who Want to Grow Capital and Truly Understand Cryptocurrency Together

Close Bitnami banner
Bitnami