The BitBTC bridge reportedly had a bug that would essentially allow an attacker to mint fake tokens on one side of the bridge, and swap them for real ones on the other.
A cross-chain bridge between BitBTC and the Ethereum layer-2 network Optimism has been able to avoid a potentially costly exploit thanks to the work of an eagle-eyed Twitter user.
The custom cross-chain bridge offers a ramp for users to send assets between Optimism’s network and BitAnt’s decentralized finance (DeFi) ecosystem, which includes yield services, NFTs, swaps and the BitBTC token, in which 1 million BitBTC represents 1 Bitcoin (BTC).
The BitBTC bridge bug was highlighted by L2 network Abirtrum tech lead Lee Bousfield in an Oct. 18 Twitter post, warning that “BitBTC’s Optimism bridge is trivially vulnerable.”
Bousfield said he published the Tweet as the “team has ignored my messages, so I’m going to publish the critical exploit here.”
BitBTC's Optimism bridge is trivially vulnerable. Their team has ignored my messages, so I'm going to publish the critical exploit here. https://t.co/onyN9SzBjt
— Lee Bousfield (@PlasmaPower0) October 18, 2022
According to Bousfield, the BitBTC bridge had a bug that would allow an attacker to mint fake tokens on one side of the bridge, and swap them for real ones on the other.
“The Optimism L2 side of the bridge lets you withdraw any token, and it let’s that token pick the L1Token address passed to the L1 side of the bridge. However, the L1 bridge completely ignores what the L2 token was, and just goes ahead and mints the arbitrary L1 token!” he wrote, adding that:
“That means an attacker could deploy their own token on Optimism, give themselves all the supply, and set that token’s L1 Token to the real BitBTC L1 address.”
For the bug to be exploited successfully, Bousfield outlined that it would take “7 days to go through, during which the L1 bridge could be fixed via an upgrade.”
Shortly after noting such, someone went on to test that theory, with an attacker attempting to withdraw “200 billion fake BitBTC from Optimism.”
The attacker reportedly claimed that it was merea test.
Bousfield also noted in a subsequent update around 10 hours later that the bug had since been patched after he managed to get in contact with the BitBTC team.
Cointelegraph has reached out to the BitAnt team for confirmation on these details and will update the story if they respond.
Related: Ethereum Alarm Clock exploit leads to $260K in stolen gas fees so far
Optimism developer Kevin Fichter on Oct. 18 confirmed that the bug was on BitBTC’s side of things as it had used its own custom bridge as opposed to Optimism’s standard bridge it offers to partners.
Fichter also noted that assets “other than BitBTC are not at risk,” adding that there was a lot of “time and energy placed into the standard bridge” and encouraged people to use the standard bridge “unless you know what you’re doing.”