Aurora Labs CEO Alex Shevchenko disclosed on Monday that the NEAR-ETH Rainbow bridge had been the target of a weekend hacking attempt.
However, the protocols in place successfully safeguarded the bridge against the hacker while keeping user funds safe.
An Aborted Attack
The Aurora Labs CEO revealed that the funds were lost by the hacker who targeted the NEAR-ETH Rainbow Bridge, while user funds remained secure. The attack was mitigated in 31 seconds, according to Shevchenko, with various mechanisms to protect user funds on the bridge. The weekend scenario also emphasized the effective defense mechanisms in place to protect funds on the bridge.
The successful repulse of the attack, as well as the additional cost to the hacker, comes against a backdrop of hackers stealing nearly $2 billion from the larger DeFi ecosystem in the first six months of 2022, according to Chainalysis data. Aurora Labs also posted a thread about the attack on Twitter.
Thread on the Rainbow Bridge attack over the weekend TL; DR: same as the May attack; no user funds were lost; the attack was alleviated automatically within 31 seconds; the attacker lost 5 ETH.
Aurora Watchdogs Resist an Attack
Shevchenko emphasized the role of the Aurora “Watchdogs” in thwarting the Rainbow Bridge attack. The Rainbow Bridge enables users to smoothly transfer tokens such as ETH, NEAR, and other ERC-20 tokens between networks and was produced by Aurora, the Ethereum-compatible scaling solution.
The Rainbow Bridge, on the other hand, is based on trustless presumptions, which means there are no middlemen to transfer assets or data between chains. As a result, any user, including those with malicious intent, can interact with the protocol’s smart contracts. Shevchenko, on the other hand, stated that no malicious user could submit incorrect information.
This is due to the fact that they require the agreement of NEAR validators. This mechanism guards against any financial loss on the Rainbow Bridge. In a blog post, the CEO stated: If someone attempts to submit false information, it will be challenged by independent watchdogs who also monitor the NEAR Blockchain.
Information About the Attempted Hack
The hacker in question submitted a “fabricated NEAR block” to the Rainbow Bridge while also requesting a “safe deposit” of 5 ETH. On August 20th, at 04:49:19 PM UTC, the transaction was submitted to the Ethereum Blockchain. According to Shevchenko, the hacker hoped that responding to the attack early Saturday morning would be difficult. However, automated watchdogs challenged the transaction in just 31 seconds, resulting in the hacker losing their 5 ETH deposit.
The Aurora CEO did have a message for the would-be attacker, inviting them to participate in the bug bounty rather than stealing funds, stating: It’s great to see your activity, but if you really want to make something good, rather than stealing users’ money and having a difficult time laundering it, you have an alternative — the bug bounty:
This is not the first attempt
This is not the first time an attempt has been made to jeopardize the Rainbow Bridge. The platform successfully defended an attempt to siphon funds from the bridge on May 1st. While the Bridge is designed to defend against such attacks, the Aurora CEO stated that the protocol has also discarded plans to increase the safe deposit and boost security because doing so would make the platform less decentralized. As a result, Aurora offered a $6 million bounty to ethical hackers in order to secure funds.
Source link
