In a space where cross-chain bridge attacks are common and hackers often get away with no penalty, here’s news of a victory, however small. Near Protocol not only managed to block one such attack, but the attackers also lost 5 ETH in the process.
Hackers tried exploiting Near’s EVM-compatible Rainbow Bridge on 21 August 2022. They failed because the attack was blocked within 31 seconds. No user funds were lost, but the attackers had to part with the deposit they made to implement the attack.
What happened? And how?
Near’s Rainbow Bridge allows users to migrate tokens across networks, including Near Protocol, Ethereum, and Aurora. The entire process is trustless and driven by smart contracts.
What made the attack possible is that anyone, including malicious actors, can interact with smart contracts, owing to their automated design. The attackers chose to use smart contracts to propose a false block within this particular blockchain. They planned an early-morning attack, hoping that it wouldn’t meet resistance at that hour. They simply had to deposit 5 ETH to get the transaction verified.
Things didn’t go as smoothly as the hackers had hoped, though. The malicious transaction was flagged, and the attackers lost the deposited ETH in the process.
🧵 on the Rainbow Bridge attack during the weekend
TL;DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH.
Alex Shevchenko 🇺🇦 (@AlexAuroraDev), August 22, 2022
Once the exploit attempt was defeated, Alex Shevchenko, CEO at Aurora Labs, informed the Twitter community about it. He even asked the attackers, rhetorically, to focus on the “Bug Bounty” to earn instead of trying to breach the bridge.
The 31-second attack block wasn’t Near’s first win. Near blocked a similar attack on the Rainbow Bridge back in May 2022.