In a space where cross-bridge attacks are common and hackers often get away with no penalty, here’s news of a victory—however small. Near Protocol not only managed to block one such attack, but the attackers also lost 5 ETH in the process.
Hackers tried exploiting Near’s EVM-compatible Rainbow Bridge on 21 August 2022. They failed because the attack was blocked within 31 seconds. No user funds were lost, but the attackers had to part with the deposit they made to implement the attack.
What happened? And how?
Near’s Rainbow Bridge allows users to migrate tokens across networks, including Near Protocol, Ethereum, and Aurora. The entire process is trustless and driven by smart contracts.
What made the attack possible was the fact that anyone, including malicious actors, can interact with smart contracts, owing to their automated design. The attackers thus chose to use smart contracts to propose a false block within this particular blockchain. They planned an early morning attack in the hope that it wouldn’t meet resistance given the time. They simply had to deposit 5 ETH to get the transaction verified.
Things didn’t go as smoothly as the hackers had hoped, though. The malicious transaction was flagged off, and the attackers lost the deposited ETH in the process.
🧵 on the Rainbow Bridge attack during the weekend
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022
TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz
Once the exploit attempt was defeated, Alex Shevchenko—CEO at Aurora Labs—notified the Twitter community about the same. He even rhetorically asked the attackers to focus on “Bug Bounty” to earn instead of trying to breach the bridge.
The 31-second attack block wasn’t Near’s first win. It blocked a similar attack on the Rainbow Bridge back in May 2022.
FAQs
What is hacking in e-commerce?
Hacking in e-commerce refers to unauthorized access, manipulation, or exploitation of electronic systems and networks associated with online commerce. Cybercriminals employ various techniques to compromise e-commerce platforms for illicit gains.
What are the 3 types of hackers?
White Hat Hackers (Ethical Hackers): White hat hackers are cybersecurity professionals who use their skills to identify and fix security vulnerabilities. They work to strengthen systems and protect them from malicious attacks. White hat hackers often perform ethical hacking to enhance overall cybersecurity.
Black Hat Hackers: Black hat hackers engage in malicious activities, exploiting vulnerabilities for personal gain, financial motives, or to cause harm. They are responsible for unauthorized access, data theft, and other cybercrimes. Black hat hackers are commonly associated with criminal activities.
Grey Hat Hackers: Grey hat hackers fall between white hat and black hat hackers. They may initially exploit vulnerabilities without proper authorization but later disclose the issues to the affected party. Grey hat hackers often aim to raise awareness about security flaws rather than causing harm.
What do hackers use for hacking?
Metasploit: An open-source penetration testing framework used for developing, testing, and executing exploit code against a remote target.
Nmap: A network scanning tool that helps hackers discover hosts and services on a computer network, highlighting potential vulnerabilities.
Wireshark: A network protocol analyzer that allows hackers to capture and inspect the data traveling back and forth on a network in real time.
John the Ripper: A widely used password-cracking tool that attempts to crack password hashes using various attack methods.
