A cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism has been able to avoid a potentially costly exploit thanks to the work of an eagle-eyed Twitter user. The custom cross-chain bridge offers a ramp for users to send assets between Optimism’s network and BitAnt’s decentralized finance (DeFi) ecosystem, which includes yield services, nonfungible tokens (NFTs), swaps and the BitBTC token, in which 1 million BitBTC represents 1 Bitcoin. The BitBTC bridge bug was highlighted by L2 network Abirtrum tech lead Lee Bousfield in an Oct. 18 Twitter post, warning that “BitBTC’s Optimism bridge is trivially vulnerable.” Bousfield said he published the Tweet as the “team has ignored my messages, so I’m going to publish the critical exploit here.” According to Bousfield, the BitBTC bridge had a bug that would allow an attacker to mint fake tokens on one side of the bridge, and swap them for real ones on the other. “The Optimism L2 side of the bridge lets you withdraw any token, and it let’s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token!” he wrote, adding that: “That means an attacker could deploy their own token on Optimism, give themselves all the supply, and set that token’s L1 Token to the real BitBTC L1 address.”
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.