Arbitrum Saved From Major ETH Loss by White Hat Hacker

An anonymous developer effectively saved Arbitrum from a $250 million loss

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • Arbitrum paid 400 ETH via ImmuneFi to white hat hacker
  • Arbitrum bridge bug was caused by bad initializers in the contract code

Another cryptocurrency vulnerability has been uncovered by a so-called white hat hacker, who found an exploitable bug in the bridge between Ethereum and Arbitrum Nitro.

The hacker, known as riptide on Twitter, outlined their discovery, which comes on the heels of an escalating series of hacks in the bridges that connect different blockchains, which collectively have been drained of hundreds of millions of dollars of predominantly user funds this year. 

Arbitrum, the layer-2 Ethereum scaling solution, paid riptide a bounty of 400 ether (ETH) as a reward via the bug bounty platform ImmuneFi.

The multi-million dollar vulnerability, as riptide called it, would have allowed an attacker to steal all incoming ether deposits from users attempting to bridge their assets between Ethereum layer-1 and layer-2 protocols to Arbitrum.

The initialization-related vulnerability, according to the white hat hacker, would have enabled any nefarious actor to impersonate a user and send the authentication message to the “sequencerInbox” function to execute the vulnerability. 

The largest deposit recorded on the inbox contract was 168,000 ETH, around $250 million, with average deposits ranging from 1,000 to 5,000 ETH in a 24-hour period, riptide said. 

Loading Tweet..

Another Twitter user, smartcontracts.eth, commented that “rollups are still heavily in development,” cautioning his followers to be careful on layer-2 protocols. A layer-2 refers to a mechanism built on top of a blockchain’s core layer, typically to increase scalability or speed, plus introduce additional features. 

A similar bug was seen in the token bridge Nomad’s smart contract, which cost the protocol  $190 million in cryptocurrency in the third-biggest cryptocurrency hack of the year.

Arbitrum recently launched Nitro exactly one year after the rollup’s now-defunct first iteration and ahead of the Merge.

Arbitrum NFTs

Additionally, Arbitrum plans to integrate with NFT marketplace OpenSea on Wednesday. 

A slew of NFT collections built on Arbitrum will be available to buy and sell directly on OpenSea.

OpenSea tweeted that creators would need to find their collections and set their creator fees directly. 

The marketplace recently added the royalties percentages front-and-center on a collection’s page.

Loading Tweet..

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates.png

Research

Content Delivery Networks (CDNs) represent low-hanging fruit in a massive market ripe for Web3-driven disruption. The global CDN market was valued at ~$28B in 2024, and is projected to surpass $140B by 2034, (18.75% CAGR) underscoring the immense demand for efficient content delivery.

article-image

Sponsored

With early interest from an initial cohort of brands including Metaplex, Story Protocol, and Pipe Network, Shelby offers decentralized, cloud-speed storage for streaming, AI, and real-time content

article-image

The $135 million raise shows that TradFi giants are serious about crypto adoption

article-image

The banking system still processes payments like it’s 1975. Crypto might have a fix.

article-image

Fiserv’s launch follows Senate passage of the GENIUS Act for stablecoin regulation.

article-image

Bitcoin is emerging as “the new standard for long-term corporate resilience,” Swan Bitcoin CIO says

article-image

Cybersecurity experts explain how the attack could have been prevented