A Twitter user found an exploit in the BitBTC bridge. But the developers ignored the user's requests until someone started using the exploit.
We often write about various #Hacks&Bugs. In the crypto industry, as in any other IT-related field, hacks of varying severity happen often. But occurrences like this one are rare.
Last month, we described an extraordinary case in which a hacker called stealing money from the Mango platform “a highly profitable trading strategy.” This time the case is much more fortuitous. Lee Bousfield, a Twitter user and tech expert at the company Arbitrum, discovered an exploit in the BitBTC bridge of Optimism and helped the developers fix the error, while no one took advantage of the vulnerability.
It all started with a tweet where Lee Bousfield wrote about the vulnerability of the BitBTC bridge. Also, the user wrote that the developers ignored his messages, so he decided to announce the exploit on Twitter.
What was the problem with the bridge and how did the exploit work? The problem was how the L1 side of the bridge perceived the tokens that came from the L2 side of the bridge. The L1 side completely ignored what the L2 token was. Roughly speaking, a hacker could create fake tokens, send them to the L1 side, and then get real tokens.
But fortunately, according to Lee Bousfield, it would take seven days to use the exploit.
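The missing check described above can be shown with a small model. This is an added example, not code from BitBTC, Optimism or the original post; the class, the token names and the escrow payout are assumptions made for illustration.

```python
# Simplified model of the check described above (constructed; not BitBTC or Optimism code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Withdrawal:
    l1_token: str  # token the L1 side is asked to pay out
    l2_token: str  # token that was actually burned on L2
    to: str
    amount: int


class L1Bridge:
    def __init__(self, pairs, escrow, check_pair):
        self.pairs = dict(pairs)      # registered L1 token -> its L2 counterpart
        self.escrow = dict(escrow)    # assumption: L1 side pays out of escrowed funds
        self.check_pair = check_pair  # False models the flaw, True the corrected check
        self.paid = {}

    def finalize(self, w: Withdrawal) -> int:
        if w.amount <= 0:
            raise ValueError("amount must be positive")
        # The missing check: the burned L2 token must be the registered pair.
        if self.check_pair and self.pairs.get(w.l1_token) != w.l2_token:
            raise ValueError("L2 token is not the registered pair of the L1 token")
        if self.escrow.get(w.l1_token, 0) < w.amount:
            raise ValueError("insufficient escrow")
        self.escrow[w.l1_token] -= w.amount
        self.paid[w.to] = self.paid.get(w.to, 0) + w.amount
        return w.amount


def run(check_pair: bool):
    """Process one legitimate and one mismatched withdrawal; return (paid, rejected)."""
    bridge = L1Bridge({"L1_REAL": "L2_REAL"}, {"L1_REAL": 1_000}, check_pair)
    messages = [  # constructed sample messages
        Withdrawal("L1_REAL", "L2_REAL", "alice", 100),         # legitimate
        Withdrawal("L1_REAL", "L2_LOOKALIKE", "mallory", 900),  # unregistered L2 token
    ]
    rejected = []
    for w in messages:
        try:
            bridge.finalize(w)
        except ValueError as exc:
            rejected.append((w.to, str(exc)))
    return bridge.paid, rejected


if __name__ == "__main__":
    for flag in (False, True):
        print("check_pair =", flag, "->", run(flag))
```

With `check_pair=False` both messages are paid out; with `check_pair=True` only the withdrawal whose L2 token matches the registered pair goes through.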
Another problem was that the developers ignored Lee Bousfield's requests. That's why the user decided to post everything on Twitter, hoping that the developers would pay more attention to the vulnerability and fix it.
Literally on the same day, some hacker started withdrawing 200 billion fake BitBTC from the side of the Optimism Bridge. Later, the exploiter said that he had no intention of stealing anything; he was only testing a vulnerability. An interesting coincidence. Did Lee Bousfield decide to use the exploit himself to attract attention? We shall never know.
Fortunately, everything ended well: the developers released a patch that fixed the vulnerability.
This is a nice story about how important it is to listen to the community. We are glad that everything ended well and continue to observe.