Yesterday, the NEAR Protocol Rainbow Bridge was attacked. According to Aurora Labs CEO Alex Shevchenko, no assets were taken, and the attacker actually lost some money in the process.
Everything To Know About the Attack
🧵 on the Rainbow Bridge attack today.
TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022
Additional precautions will be adopted, according to Shevchenko, to ensure that such cost of an assault rises. He also revealed the attacker’s address, who began with some ETH supplied using Tornado Cash. The attack started on May 1, when the attacker used a contract to deposit money in order to become a Rainbow Bridge relayer. The plan was to send out fictitious light client blocks.
4 / 18
After it, he decided to send the similar transaction with the block timestamp in the future (+5h), this transaction successfully substituted the previously submitted block:https://t.co/YunpRu7ahu— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022
One of the bridge protectors eventually recognized the submitted block wasn’t on the NEAR Protocol blockchain then sent a challenge transaction to Ethereum. Shevchenko notes in his tweet that as a consequence, the watchdog transaction failed, the MEV bot transaction succeeded, and the perpetrator’s faked block was scaled back. Their relayer then uploaded a fresh block a few minutes later.
In his extensive Twitter thread, Shevchenko goes into more intricate aspects about the incident. He emphasizes that programs would be focused on security measures. He wants that everyone involved in blockchain innovation pays close attention to the security and robustness of their products using all available tools, including as automated systems, notifications, bug bounties, and internal and external audits.
Rainbow Bridge is a cross-chain bridge that connects the Ethereum, NEAR, and Aurora networks to let users to transfer and receive payments. It was built by Aurora Labs, and its user experience is quite popular. Except for the security of the connected chains, the bridge protocol eliminates the need to trust anybody. Without the consent of anyone else, anybody can build a new bridge, utilize an existing bridge, or volunteer to help maintain an existing bridge.
