Skip to content

Hacker Loses 5 ETH (~$8,000) In Failed Attack on NEAR Rainbow Bridge

  • 2 min read
  • Latest

Aurora Labs CEO Alex Shevchenko said that on Aug. 22 a hacker lost 5 Ethereum (ETH) in a failed attack on the NEAR/ETH Rainbow Bridge over the weekend. No user funds were lost.

Shevchenko said the attack “was mitigated automatically within 31 seconds,” highlighting what looks like an effective mechanism to safeguard user funds on the bridge.

It comes as hackers pilfered nearly $2 billion from the DeFi industry during the first six months of this year, according to Chainalysis.

Aurora ‘watchdogs’ prevent Rainbow Bridge attack

The Rainbow Bridge allows users to transfer tokens between ETH, NEAR, and the Aurora networks. It was created by Aurora, the Ethereum-compatible scaling solution built on the NEAR blockchain.

Users can send ERC-20 assets directly from MetaMask or other Web3 wallets to NEAR wallets and applications, and vice versa.

The bridge “is based on trustless assumptions with no selected middleman to transfer messages or assets between chains.” Because of this, anyone can interact with its smart contracts, “usually with bad intentions.”

Shevchenko said cybercriminals cannot, however, submit “incorrect” information due to the need for “a consensus of NEAR validators,” which protect against the potential loss of all funds on the bridge.

“If someone tries to submit incorrect information, then it would be challenged by independent watchdogs, who also observe NEAR blockchain,” he said in a blog post.

Fabricated block creation

Over the weekend, an attacker submitted “a fabricated NEAR block” to the Rainbow bridge, requiring a so-called
Read Full Article…