Arbitrum Saved From Major ETH Loss by White Hat Hacker

An anonymous developer effectively saved Arbitrum from a $250 million loss

by Ornella Hernandez /
article-image

Blockworks Exclusive art by axel rangel

share
  • Arbitrum paid 400 ETH via ImmuneFi to white hat hacker
  • Arbitrum bridge bug was caused by bad initializers in the contract code

Another cryptocurrency vulnerability has been uncovered by a so-called white hat hacker, who found an exploitable bug in the bridge between Ethereum and Arbitrum Nitro.

The hacker, known as riptide on Twitter, outlined their discovery, which comes on the heels of an escalating series of hacks in the bridges that connect different blockchains, which collectively have been drained of hundreds of millions of dollars of predominantly user funds this year. 

Arbitrum, the layer-2 Ethereum scaling solution, paid riptide a bounty of 400 ether (ETH) as a reward via the bug bounty platform ImmuneFi.

The multi-million dollar vulnerability, as riptide called it, would have allowed an attacker to steal all incoming ether deposits from users attempting to bridge their assets between Ethereum layer-1 and layer-2 protocols to Arbitrum.

Newsletter

Subscribe to The Breakdown

The initialization-related vulnerability, according to the white hat hacker, would have enabled any nefarious actor to impersonate a user and send the authentication message to the “sequencerInbox” function to execute the vulnerability. 

The largest deposit recorded on the inbox contract was 168,000 ETH, around $250 million, with average deposits ranging from 1,000 to 5,000 ETH in a 24-hour period, riptide said. 

Loading Tweet..

Another Twitter user, smartcontracts.eth, commented that “rollups are still heavily in development,” cautioning his followers to be careful on layer-2 protocols. A layer-2 refers to a mechanism built on top of a blockchain’s core layer, typically to increase scalability or speed, plus introduce additional features. 

A similar bug was seen in the token bridge Nomad’s smart contract, which cost the protocol  $190 million in cryptocurrency in the third-biggest cryptocurrency hack of the year.

Arbitrum recently launched Nitro exactly one year after the rollup’s now-defunct first iteration and ahead of the Merge.

Arbitrum NFTs

Additionally, Arbitrum plans to integrate with NFT marketplace OpenSea on Wednesday. 

A slew of NFT collections built on Arbitrum will be available to buy and sell directly on OpenSea.

OpenSea tweeted that creators would need to find their collections and set their creator fees directly. 

The marketplace recently added the royalties percentages front-and-center on a collection’s page.

Loading Tweet..

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Digital Asset Summit 2026

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (8).png

Research

Kinetiq Protocol: From LST Infrastructure to HIP-3 Deployer

Kinetiq has established itself as Hyperliquid's dominant liquid staking protocol, holding 82.5% of LST market share with $610M in TVL. The protocol is now expanding beyond its kHYPE staking core into higher take-rate verticals: iHYPE for institutional custody rails, Launch for HIP-3 capital formation, and Markets for builder-deployed perpetuals. We view Markets, launching Jan. 12, as the highest-potential product line given its mechanically scalable, activity-linked unit economics. Near-term revenue remains anchored by kHYPE's KIP-2 fee schedule (~$1.6M annualized), while Markets provides embedded optionality if HIP-3 economics normalize post-Growth Mode. KNTQ's setup is relatively clean: zero insider unlocks until November 2026, 6.2% buyback yield from staking revenue, and cleared airdrop overhang. Risks center on unproven Markets execution, declining kHYPE TVL despite ongoing incentives, and competition from Hyperliquid's native initiatives.

by Shaunda Devens

/

news

article-image

0xResearch NewsletterMarkets

DePIN and crypto gaming led a surprising end-of-year rebound

BTC finished the week up 1.6%, while L2s, RWAs and the treasury trade continued to grind lower

by Kunal Doshi /
article-image

0xResearch NewsletterDeFi

Canton’s $6T RWA rails and Lighter’s Hyperliquid multiple

DTCC moves DTC-custodied Treasuries onchain via Canton, while Lighter’s LIT launches trading at a fees multiple in Hyperliquid territory

by Kunal Doshi&Shaunda Devens /
article-image

The Breakdown

The long wait for crypto’s “coffee pot” moment

In the 90s, rapt audiences worldwide watched a coffee pot — will that fascination ever turn to crypto?

by Byron Gilliam /
article-image

DeFiThe Breakdown

Failure is an option in crypto finance

Some systems improve by failing — and crypto has no choice

by Byron Gilliam /
article-image

0xResearch Newsletter

Yield Basis is making native BTC yield a reality

Yield Basis introduces an IL-free AMM design that already dominates BTC DEX liquidity

by Marc Arjoon /
article-image

The Breakdown

Users are the best investors to have

Maybe tokenholders don’t need the rights that corporate shareholders have come to expect

by Byron Gilliam /

Newsletter

The Breakdown

Decoding crypto and the markets. Daily, with Byron Gilliam.

Blockworks Research

Unlock crypto's most powerful research platform.

Our research packs a punch and gives you actionable takeaways for each topic.

SubscribeGet in touch

Blockworks Inc.

133 W 19th St., New York, NY 10011

Blockworks Network

NewsPodcastsNewslettersEventsRoundtablesAnalytics

Company

AboutAdvertiseCareersTrust & EthicsPrivacyGlossaryContact