An eagle-eyed Twitter user helped a cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism avoid a potentially costly loophole.

The custom cross-chain bridge enables users to transfer assets between the Optimism network and BitAnt's decentralized finance (DeFi) ecosystem, which contains yield services, NFTs, swaps, and the BitBTC token, where one million BitBTC equals one Bitcoin.

Lee Bousfield, tech lead at the L2 network Arbitrum, highlighted the bug in an Oct. 18 post on Twitter, warning that "BitBTC's Optimism bridge is trivially exposed."

Bousfield stated that he tweeted because "the team has rejected my messages, so I'm going to post the serious exploit here."

According to Bousfield, the bridge contained a bug that allowed an attacker to create bogus tokens on one side of the bridge and swap them for legitimate ones on the other.

"The Optimism L2 side of the bridge allows you to withdraw any token, and that token can choose the L1Token address that was passed to the L1 side of the bridge. The L1 bridge, on the other hand, completely disregards what the L2 token was and mints the arbitrary L1 token!" he wrote.

Bousfield estimated that exploiting the bug would take seven days to go through, after which the L1 could be fixed via an upgrade. Soon after, someone put that theory to the test: an attacker attempted to withdraw 200 billion fake BitBTC from Optimism. According to reports, the attacker claimed it was a mere test.
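The missing check Bousfield describes, modelled in Python with the flawed and a hardened L1 side next to each other. This is an added example, not BitBTC's or Optimism's contract code; the class names, placeholder addresses and the pair registry used for the hardened check are assumptions made for illustration.

```python
class BridgeError(Exception):
    """Raised when the L1 side refuses to finalize a withdrawal."""

# Constructed placeholder addresses, not real contracts.
L1_BITBTC, L2_BITBTC, L2_UNREGISTERED = "l1:BitBTC", "l2:BitBTC", "l2:Unregistered"

class L2Token:
    """An L2 token self-reports which L1 token it claims to represent."""
    def __init__(self, address, claimed_l1_token):
        self.address = address
        self.claimed_l1_token = claimed_l1_token

def l2_withdraw(token, recipient, amount):
    """L2 side as described in the quote: accepts any token and forwards
    the L1 address that the token itself supplies."""
    return {"l1_token": token.claimed_l1_token, "l2_token": token.address,
            "to": recipient, "amount": amount}

class L1Bridge:
    def __init__(self, registered_pairs, check_pair):
        self.registered_pairs = registered_pairs  # l1 token -> trusted l2 token
        self.check_pair = check_pair              # False models the flawed bridge
        self.minted = {}                          # (l1 token, recipient) -> total

    def finalize_withdrawal(self, msg):
        if msg["amount"] <= 0:
            raise BridgeError("amount must be positive")
        if self.check_pair:
            # Hardened path (assumed fix): the L2 token named in the message
            # must be the one registered for this L1 token, else no mint.
            if self.registered_pairs.get(msg["l1_token"]) != msg["l2_token"]:
                raise BridgeError("L2 token is not registered for this L1 token")
        key = (msg["l1_token"], msg["to"])
        self.minted[key] = self.minted.get(key, 0) + msg["amount"]
        return self.minted[key]

def compare_bridges(token, amount=1_000):
    """Send one withdrawal through both variants; return (flawed, hardened)."""
    msg = l2_withdraw(token, "recipient", amount)
    pairs = {L1_BITBTC: L2_BITBTC}
    flawed = L1Bridge(pairs, check_pair=False).finalize_withdrawal(msg)
    try:
        hardened = L1Bridge(pairs, check_pair=True).finalize_withdrawal(msg)
    except BridgeError as exc:
        hardened = f"rejected: {exc}"
    return flawed, hardened

if __name__ == "__main__":
    print(compare_bridges(L2Token(L2_BITBTC, L1_BITBTC)))        # genuine pair
    print(compare_bridges(L2Token(L2_UNREGISTERED, L1_BITBTC)))  # mismatched claim
```

The flawed variant mints for both tokens because it never looks at `l2_token`; the hardened variant mints only when the L2 token matches the pair it has on record.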

In a subsequent update about 10 hours later, Bousfield said that the bug had been fixed after he got in touch with the BitBTC team.

On October 18, Optimism developer Kevin Fichter confirmed that the bug was on BitBTC's end because it had used its own custom bridge rather than Optimism's standard bridge, which it offers to partners.

Do you think the exploit could have caused much damage if it wasn't caught in time? Let us know your thoughts by sharing this article online.

Posted Oct 20, 2022 in Crypto News category
