
A Twitter user successfully stopped a potential attack on a cross-chain bridge

The BitBTC bridge included a weakness that would effectively let an attacker print phoney tokens on one side of the bridge and exchange them for genuine ones

Shashank Bhardwaj
Published: Oct 20, 2022 04:42:15 PM IST


Thanks to the diligence of a sharp-eyed Twitter user, a cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism was able to escape potentially expensive abuse. 

Lee Bousfield, tech lead at the L2 network Arbitrum, called attention to the BitBTC bridge flaw in a message on Twitter on October 18 and stated that "BitBTC's Optimism bridge is trivially vulnerable. Their team has ignored my messages, so I'm going to publish the critical exploit here."

The BitBTC bridge, according to Bousfield, included a fault that would allow a hacker to create phoney tokens on one side of the bridge and exchange them for genuine ones on the other.

"Any token may be withdrawn from the Optimism L2 side of the bridge, and the token may choose the L1Token address sent to the L1 side of the bridge. But the L1 bridge merely goes on and mints the random L1 token, disregarding what the L2 token was!" said Bousfield. Successfully exploiting the problem would reportedly take '7 days to go past, during which an upgrade might patch the L1 bridge.' As soon as this was noted, someone tried to test the notion by attempting to withdraw '200 billion bogus BitBTC from Optimism.'

It was allegedly a mere test, according to the attacker. Around 10 hours later, in a follow-up statement, Bousfield also mentioned that the problem had been fixed due to his communication with the BitBTC team. To validate these specifics, Cointelegraph has contacted the BitAnt team. If they answer, the report will be updated.
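The missing check Bousfield describes above, reduced to a small Python model; this is an example added here, not BitBTC's or Optimism's contract code. The class, method, and address names are hypothetical, and the pair allow-list is an assumed form of the check, shown beside the unchecked behaviour.

```python
# Simplified model of an L1 bridge finalizing withdrawal messages from L2.
# All names, addresses and amounts below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Withdrawal:
    l1_token: str   # L1 token address, chosen by the L2 token contract
    l2_token: str   # L2 token that started the withdrawal
    to: str         # recipient on L1
    amount: int


class Bridge:
    def __init__(self, pairs):
        # Assumed allow-list: each L1 token maps to its one legitimate L2 token.
        self.pairs = dict(pairs)
        self.minted = {}  # (l1_token, recipient) -> amount minted on L1

    def _mint(self, w):
        key = (w.l1_token, w.to)
        self.minted[key] = self.minted.get(key, 0) + w.amount

    def finalize_unchecked(self, w):
        # Flawed behaviour described in the article: the L2 token is ignored,
        # so any L2 contract that names a real L1 token gets it minted.
        self._mint(w)
        return True

    def finalize_checked(self, w):
        # Hardened: mint only when the message comes from the L2 token
        # registered for this L1 token, and the amount is positive.
        if self.pairs.get(w.l1_token) != w.l2_token or w.amount <= 0:
            return False
        self._mint(w)
        return True


L1_BITBTC, L2_BITBTC, L2_FAKE = "l1:BitBTC", "l2:BitBTC", "l2:FakeToken"
genuine = Withdrawal(L1_BITBTC, L2_BITBTC, "alice", 5)
spoofed = Withdrawal(L1_BITBTC, L2_FAKE, "mallory", 200_000_000_000)


def run(finalize_name):
    """Process both messages on a fresh bridge; return (results, minted)."""
    bridge = Bridge({L1_BITBTC: L2_BITBTC})
    results = [getattr(bridge, finalize_name)(w) for w in (genuine, spoofed)]
    return results, bridge.minted
```

`run("finalize_unchecked")` mints for both messages, while `run("finalize_checked")` rejects the one whose L2 token is not the registered counterpart.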

The fault originated on BitBTC's end, according to Optimism developer Kelvin Fichter, who said this on October 18. BitBTC utilized its own bespoke bridge instead of the standard bridge that Optimism provides to partners.

Fichter also stated that assets 'other than BitBTC are not at risk.' He also added that much 'work and energy' had been invested in the standard bridge. He advised users to use the standard bridge 'unless you know what you're doing.'

Users may transmit assets between the Optimism network and BitAnt's decentralised finance (DeFi) ecosystem via the unique cross-chain bridge. That ecosystem comprises yield services, non-fungible tokens (NFTs), swaps, and the BitBTC token, where 1 million BitBTC is equivalent to one Bitcoin.

Shashank is founder at yMedia. He ventured into crypto in 2013 and is an ETH maximalist.

