{"id":502236,"date":"2022-10-20T06:44:15","date_gmt":"2022-10-20T03:44:15","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/twitter-user-saves-cross-chain-bridge-from-potential-exploit\/"},"modified":"2022-10-20T06:44:15","modified_gmt":"2022-10-20T03:44:15","slug":"twitter-user-saves-cross-chain-bridge-from-potential-exploit","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/twitter-user-saves-cross-chain-bridge-from-potential-exploit\/","title":{"rendered":"# Twitter user saves cross-chain bridge from potential exploit"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a2eaa8b4fec9\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a2eaa8b4fec9\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/twitter-user-saves-cross-chain-bridge-from-potential-exploit\/#%E2%80%9D_Twitter_user_saves_cross-chain_bridge_from_potential_exploit_%E2%80%9C\" >&#8221; Twitter user saves cross-chain bridge from potential exploit  &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_Twitter_user_saves_cross-chain_bridge_from_potential_exploit_%E2%80%9C\"><\/span>&#8221; Twitter user saves cross-chain bridge from potential exploit  &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTAvNzc0YTA2YmQtMjVmZS00NWVjLTkzNzgtOWI5MmEyY2UyNjg0LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-4b69a2fe>A cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism has been able to avoid a potentially costly exploit thanks to the work of an eagle-eyed <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> user.<\/p>\n<p>The custom cross-chain bridge offers a ramp for users to send assets between Optimism\u2019s network and BitAnt&#8217;s decentralized finance (DeFi) ecosystem, which includes yield services, NFTs, swaps and the BitBTC token, in which 1 million BitBTC represents 1 Bitcoin (BTC). <\/p>\n<p>The BitBTC bridge bug was highlighted by L2 network Abirtrum tech lead Lee Bousfield in an Oct. 18 Twitter post, warning that \u201cBitBTC&#8217;s Optimism bridge is trivially vulnerable.\u201d<\/p>\n<p>Bousfield said he published the Tweet as the \u201cteam has ignored my messages, so I&#8217;m going to publish the critical exploit here.\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">BitBTC&#8217;s Optimism bridge is trivially vulnerable. Their team has ignored my messages, so I&#8217;m going to publish the critical exploit here. <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/onyN9SzBjt\">https:\/\/t.co\/onyN9SzBjt<\/a><\/p>\n<p>\u2014 Lee Bousfield (@PlasmaPower0) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/PlasmaPower0\/status\/1582176532985880576?ref_src=twsrc%5Etfw\">October 18, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nAccording to Bousfield, the BitBTC bridge had a bug that would allow an attacker to mint fake tokens on one side of the bridge, and swap them for real ones on the other.<\/p>\n<p>\u201cThe Optimism L2 side of the bridge lets you withdraw any token, and it let&#8217;s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token!\u201d he wrote, adding that: <\/p>\n<blockquote><p>\u201cThat means an attacker could deploy their own token on Optimism, give themselves all the supply, and set that token&#8217;s L1 Token to the real BitBTC L1 address.\u201d<\/p><\/blockquote>\n<p>For the bug to be exploited successfully, Bousfield outlined that it would take \u201c7 days to go through, during which the L1 bridge could be fixed via an upgrade.\u201d <\/p>\n<p>Shortly after noting such, someone went on to test that theory, with an attacker attempting to withdraw \u201c200 billion fake BitBTC from Optimism.\u201d <\/p>\n<p>The attacker reportedly claimed that it was merea test.<\/p>\n<p>Bousfield also noted in a subsequent update around 10 hours later that the bug had since been patched after he managed to get in contact with the BitBTC team.<\/p>\n<p>Cointelegraph has reached out to the BitAnt team for confirmation on these details and will update the story if they respond. <\/p>\n<p><strong><em>Related: <\/em><\/strong><strong><em>Ethereum Alarm Clock exploit leads to $260K in stolen gas fees so far<\/em><\/strong><\/p>\n<p>Optimism developer Kevin Fichter on Oct. 18\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/kelvinfichter\/status\/1582402434777112576\">confirmed<\/a> that the bug was on BitBTC\u2019s side of things as it had used its own custom bridge as opposed to Optimism\u2019s standard bridge it offers to partners. <\/p>\n<p>Fichter also noted that assets \u201cother than BitBTC are not at risk,\u201d adding that there was a lot of \u201ctime and energy placed into the standard bridge\u201d and encouraged people to use the standard bridge \u201cunless you know what you\u2019re doing.\u201d<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/twitter-user-saves-cross-chain-bridge-from-potential-exploit\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; Twitter user saves cross-chain bridge from potential exploit &#8220; A cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism has been able to avoid a potentially costly exploit thanks to the work of an eagle-eyed Twitter user. The custom cross-chain bridge offers a ramp for users to send assets between Optimism\u2019s network and&#8230;<\/p>\n","protected":false},"author":1,"featured_media":502237,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTAvNzc0YTA2YmQtMjVmZS00NWVjLTkzNzgtOWI5MmEyY2UyNjg0LmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,74868,95119,75434],"class_list":["post-502236","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-defi","tag-layer2","tag-smart-contracts"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/502236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=502236"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/502236\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/502237"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=502236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=502236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=502236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}