NEAR

Latest News

Attacker lost 2.5 ETH due to a failed attack on the NEAR Protocol Rainbow Bridge

May 2, 2022
1 minute read
2 years ago

On May 1, the NEAR Protocol Rainbow Bridge was attacked. According to Aurora Labs CEO Alex Shevchenko, no assets were stolen, and the attacker even lost some money.

Additional measures will be in use, according to Shevchenko, to ensure that the cost of an assault rises.

🧵 on the Rainbow Bridge attack today.
TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022

He also revealed the attacker’s address, who began with some ETH supplied using Tornado Cash. The attack started on May 1, when the attacker used a contract to deposit monies in order to become a Rainbow Bridge relayer. The plan was to send out fictitious light client blocks.

1 / 18
The bridge attacker:https://t.co/2o8pFrZJwu

got some ETH from Tornado to start the attack around 12h ago:
https://t.co/Fcgr6mp3ok

CC: @rstormsf
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022

After a while, one of the bridge watchdogs realized the submitted block wasn’t on the NEAR Protocol blockchain and issued a challenge transaction to Ethereum. In his tweet, Shevchenko explains:

7 / 18
As a result, watchdog transaction failed, MEV bot transaction succeeded and rolled back the fabricated block of the attacker. Some min after this, our relayer submitted a new block:https://t.co/qN206p9wSy
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022

In his extensive Twitter thread, Shevchenko goes into much more technical detail about the incident. However, he emphasizes that programs would be on security measures.

17 / 18
I wish everyone who is innovating in the blockchain to pay enough attention to security and robustness of their products through all the available means: automatic systems, notifications, bug bounties, internal and external audits.
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022

Rainbow Bridge is a cross-chain bridge that allows users to send and receive funds between the Ethereum, NEAR, and Aurora networks. Aurora Labs created it, and it is well-known for its user experience.

Related Posts – AMC Theatres Explores Accepting Dogecoin, CEO Sees Awing DOGE Poll Results

Tags:

$near Attack attacker attackers wallet Crypto Crypto attack Crypto exchange Crypto Traders CRYPTOCURRENCY cyberattacks DeFi attack HACKER ATTACKS Near Near Foundation NEAR Protocol

About author
Disclaimer

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.