Who is Oxriptide? Bug bounty hunter collects ETH400 from Arbitrum for bridge vulnerability discovery

By Raphael Sanis

15:19, 22 September 2022

Focused on cross-chain vulnerabilities, Oxriptide found the exploit in an Arbitrum bridge to Ethereum – Photo: Shutterstock

The code bounty hunter Oxriptide was paid ETH400, roughly $520,000, for detecting a vulnerability in the Arbitrum layer-two solution.

The vulnerable code was found in a bridge between Ethereum and the newly upgraded Arbitrum Nitro. After being spotted by Oxriptide, the vulnerability was fixed before it was exploited or any funds were stolen.

Who is Oxriptide?

Self-described as a white-hat hacker, Oxriptide is an anonymous coder who scours the Web3 bounty platform Immunefi for leads. The website is where they initially discovered the Arbitrum exploit.

The Medium post where Oxriptide outlined the Arbitrum vulnerability said: “I… focus mainly on searching for vulnerabilities solely within smart contracts written in Solidity.”

Focusing on smart contracts gives the hacker the opportunity for large bounties as often millions of dollars are at risk. They claim there is a clear need for bug hunters as contracts will always have issues, whether it is during deployment, development or upgrades.

Going by riptide on Twitter, the coder recently shared that he was out of practice six months ago and spent every week researching. “I was dead set on my path of bounty hunting.”

The bounty hunter is currently working on cross-chain projects “due to the complexity involved for the developers of these projects and the significant amount of funds at risk due to the current ‘honeypot’ structure of most bridge implementations”.

Arbitrum vulnerability

The vulnerability that could have seen over $250m of ETH stolen was contained in a bridge between the Ethereum mainnet and Arbitrum’s layer-two network.

According to Oxriptide’s Medium post, a bad actor could have exploited the code to steal incoming ETH deposits to the Arbitrum protocol.

The Medium post said: “The largest deposit recorded on the inbox contract was ETH168,000 (~$250mm) with typical total deposits in a 24-hour period ranging from ~ETH1,000 to ~ETH5,000.”
