Aurora Labs CEO Alex Shevchenko said that on Aug. 22 a hacker lost 5 Ethereum (ETH) in a failed attack on the NEAR/ETH Rainbow Bridge over the weekend. No user funds were lost.
Shevchenko said the attack “was mitigated automatically within 31 seconds,” highlighting what looks like an effective mechanism to safeguard user funds on the bridge.
It comes as hackers тоноду долларга жакын 2 млрд толугу менен боюнча быйылкы жылдын алты айынын ичинде енер жай Chainalysis.
Aurora ‘watchdogs’ prevent Rainbow Bridge attack
The Rainbow Bridge allows users to transfer tokens between ETH, NEAR, and the Aurora networks. It was created by Aurora, the Ethereum-compatible scaling solution built on the NEAR blockchain.
Users can send ERC-20 assets directly from MetaMask or other Web3 wallets to NEAR wallets and applications, and vice versa.
The bridge “is based on trustless assumptions with no selected middleman to transfer messages or assets between chains.” Because of this, anyone can interact with its smart contracts, “usually with bad intentions.”
Shevchenko said cybercriminals cannot, however, submit “incorrect” information due to the need for “a consensus of NEAR validators,” which protect against the potential loss of all funds on the bridge.
“If someone tries to submit incorrect information, then it would be challenged by independent watchdogs, who also observe NEAR blockchain,” he said in a блог.
Fabricated block creation
Over the weekend, an attacker submitted “a fabricated NEAR block” to the Rainbow bridge, requiring a so-called “safe deposit” of 5 ETH. The transaction was successfully submitted to Ethereum on Aug. 20, at 04:49:19 PM UTC.
Shevchenko said the hacker “was hoping that it would be complicated to react [to] the attack early Saturday morning.”
However, “automated watchdogs challenged the malicious transaction,” resulting in the attacker losing their 5 ETH deposit, valued at about $8,000 at the time.
“The reaction took only 31 seconds,” claimed the Aurora CEO. “After notifications on strange activities, within one hour the team was checking that everything is OK…”
This is not the first time that the Rainbow bridge has been attacked. On May 1, the platform коргогон an attempt by hackers to siphon funds. Shevchenko said that is “because the bridge architecture was designed to resist such attacks.”
He added that Aurora “discarded” plans to boost коопсуздук by increasing the safe deposit because that would make the bridge “more permissioned” and less decentralized. Instead, the protocol paid a $6 million bounty to ethical hackers to help secure user funds.
Shevchenko had a special message for the attacker:
«Активдүүлүктү өзүңүздүн аягынан көрүү абдан жакшы, бирок эгер сиз чындап эле жакшы нерсе жасагыңыз келсе, колдонуучулардын акчасын уурдап, аны адалдоого аракет кылуунун ордуна; сизде альтернатива бар - мүчүлүштүктөр сыйлыгы:"
баш тартуу
Биздин сайтта камтылган бардык маалыматтар ак ниеттүүлүк менен жана жалпы маалымат берүү максатында гана жарыяланган. Окурман биздин веб-сайттагы маалыматты кандай гана болбосун, алардын өз тобокелчилигинде.
Source: https://beincrypto.com/hacker-loses-5-eth-failed-attack-near-rainbow-bridge/