
Cross-Chain Bridge Protected By Twitter Users


Cross-chain bridge being protected by online users?

Thanks to a sharp-eyed Twitter user, a cross-chain bridge was able to escape a potentially expensive hack.

It was claimed that the BitBTC bridge contained a fault that made it possible for an attacker to create phony tokens on one side of the bridge and then trade them for genuine tokens on the other side of the bridge.

The custom cross-chain bridge provides users with a ramp for sending assets between Optimism’s network and BitAnt’s decentralized finance (DeFi) ecosystem. BitAnt’s DeFi ecosystem consists of yield services, nonfungible tokens (NFTs), swaps, and the BitBTC token. One million BitBTC is equivalent to one Bitcoin (BTC).

In a post on Twitter published on October 18, L2 network Arbitrum tech lead Lee Bousfield called attention to the weakness that affects the BitBTC bridge. He issued the following warning: “Bitcoin’s Optimism bridge is trivially susceptible.”

Bousfield said in the Tweet that he decided to expose it because “the team has ignored my communications, therefore I’m going to post the important vulnerability here.”

The Optimism bridge that BitBTC uses is quite susceptible to attack. Due to the fact that their staff has chosen to disregard my mails, I will now provide the crucial vulnerability here. – PlasmaPower0 (@PlasmaPower0), Lee Bousfield, October 18, 2022


According to Bousfield, the BitBTC bridge contained a fault that made it possible for an adversary to create phony tokens on one side of the bridge and then exchange them for genuine tokens on the other side.

“The Optimism L2 side of the bridge gives you the ability to withdraw any token, and it gives that token the ability to choose the L1Token address that is sent to the L1 side of the bridge. The L1 bridge, on the other hand, pays no attention to what the L2 token really was and instead proceeds to produce the L1 token regardless of its purpose.” In his writing, he added:

“What this implies is that an attacker could issue their own token on Optimism, grant themselves all of the supply, and set that token’s L1 Token to the genuine BitBTC L1 address.”

According to Bousfield’s description, it would take “7 days to go through” before the vulnerability could be properly exploited. During this time, an update might be implemented to correct the vulnerability in the L1 bridge.
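The missing check Bousfield describes, as a minimal Python model added here for illustration; it is not BitBTC's or Optimism's contract code. The class names, the placeholder addresses and the approved-pair registry are assumptions, and the registry shows one possible form of the fix, not necessarily the one the BitBTC team deployed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Withdrawal:
    """Message relayed from the L2 side of the bridge to the L1 side."""
    l2_token: str    # address of the token that was withdrawn on L2
    l1_token: str    # L1 address that the L2 token itself declared
    recipient: str
    amount: int

class L1Bridge:
    """Toy L1 bridge (hypothetical model, not the real contract)."""

    def __init__(self, approved_pairs=None):
        # approved_pairs maps l1_token -> the only l2_token allowed to claim it.
        # None reproduces the flaw: the L2 token is never looked at.
        self.approved_pairs = approved_pairs
        self.balances = {}  # (l1_token, holder) -> amount released

    def finalize_withdrawal(self, msg: Withdrawal) -> bool:
        if self.approved_pairs is not None:
            # Hardened path: the L1 token must be paired with this exact L2 token.
            if self.approved_pairs.get(msg.l1_token) != msg.l2_token:
                return False  # unknown pairing, release nothing
        key = (msg.l1_token, msg.recipient)
        self.balances[key] = self.balances.get(key, 0) + msg.amount
        return True

# Constructed placeholder addresses, not real contract addresses.
BITBTC_L1 = "0xL1_BITBTC"
BITBTC_L2 = "0xL2_BITBTC"
SELF_ISSUED_L2 = "0xL2_SELF_ISSUED"  # token that merely claims BITBTC_L1

def run_scenario(bridge: L1Bridge):
    """Relay one genuine and one spoofed withdrawal; return both outcomes."""
    genuine = Withdrawal(BITBTC_L2, BITBTC_L1, "alice", 1_000)
    spoofed = Withdrawal(SELF_ISSUED_L2, BITBTC_L1, "mallory", 200_000_000_000)
    return bridge.finalize_withdrawal(genuine), bridge.finalize_withdrawal(spoofed)

if __name__ == "__main__":
    print("no pair check:  ", run_scenario(L1Bridge()))
    print("with pair check:", run_scenario(L1Bridge({BITBTC_L1: BITBTC_L2})))
```
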

Soon after he pointed this out, someone went on to test that notion by trying to withdraw “200 billion bogus BitBTC from Optimism.”

The alleged perpetrator of the incident said that it was only a test.

Bousfield also noted in a subsequent post, published around ten hours after the first one, that the flaw had been corrected once he managed to get in touch with the BitBTC team.

On October 18, Optimism developer Kevin Fichter stated that the fault was on BitBTC’s side. BitBTC utilized its own bespoke bridge rather than the standard bridge that Optimism offers to partners.


Fichter also said that assets “other than BitBTC are not at risk,” and noted that a lot of “time and energy” was put into the standard bridge. He encouraged people to use the standard bridge “unless you know what you’re doing.”
