Who is Oxriptide? Bug bounty hunter collects ETH400 from Arbitrum for bridge vulnerability discovery

The code bounty hunter Oxriptide was paid ETH400, roughly $520,000, for detecting a vulnerability in the Aribtrum layer-two solution.

The liable code was found in a bridge between Ethereum and the newly upgraded Arbitrum Nitro. After being spotted by Oxriptide, the vulnerability was fixed before it was exploited, or any funds were stolen.

Who is Oxriptide?

Self-described as a white-hat hacker, Oxriptide is an anonymous coder who scours the Web3 bounty platform Immunefi for leads. The website is where they initially discovered the Arbitrum exploit.

The Medium post where Oxriptide outlined the Arbitrum vulnerability said: “I… focus mainly on searching for vulnerabilities solely within smart contracts written in Solidity.”

Focusing on smart contracts gives the hacker the opportunity for large bounties as often millions of dollars are at risk. They claim there is a clear need for bug hunters as contracts will always have issues, whether it is during deployment, development or upgrades.

Going by riptide on Twitter, the coder recently shared that he was out of practice six months ago and spent every week researching. “I was dead set on my path of bounty hunting.”

The bounty hunter is currently working on cross-chain projects “due to the complexity involved for the developers of these projects and the significant amount of funds at risk due to the current ‘honeypot’ structure of most bridge implementations”.

Arbitrum vulnerability

The vulnerability that could have seen over $250m of ETH stolen was contained in a bridge between the Ethereum mainnet and Arbitrum’s layer-two network.

According to Oxriptide’s medium post, a bad actor could have exploited the code to steal incoming ETH deposits to the Arbitrum protocol.

Markets in this article

ETH/USD
Ethereum / USD
3153.23 USD

21 +0.670%

Related topics

#Cryptocurrency

Rate this article

Rate this article: