Last Saturday, an unknown malefactor tried to hack Rainbow, a bridge mechanism for value transfer between Near Protocol (NEAR) and Ethereum (ETH). Here is why he/she might be regretting it right now.
NEAR Protocol's (NEAR) Rainbow Bridge attacked with no user funds lost
In his recent Twitter thread, Mr. Shevchenko shared the details of a failed attack on an Ethereum/Near bridge that took place last Saturday in the early morning hours.
🧵 on the Rainbow Bridge attack during the weekend
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022
TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz
To corrupt the network consensus, an attacker submitted a fabricated NEAR Protocol (NEAR) block to Rainbow's main contract. However, his/her transaction was automatically challenged by NEAR's independent watchdogs. As the attack failed, the malefactor lost 100% of his stake, or 5 Ethers.
The reaction took 4 Ethereum (ETH) blocks, or about 31 seconds with no human interaction. The team was notified about the attack immediately, but they only needed to check whether the system is working as intended, Mr. Shevchenko adds:
After notifications on strange activities, within 1h the team was checking that everything is OK and was going back to sleep without disturbing myself or the users.
Aurora Labs CEO also stressed that security is the number one priority for his team: they launched second largest bug bounty campaign in the entire crypto history.
Alex Shevchenko has an unusual offer for an attacker
After releasing the summary of the attack analysis, Aurora Labs CEO invited the hacker to take part in a new wave of Rainbow's bug bounty, organized together with ImmutableX platform.
As per its conditions, every whitehat hacker who finds a bug in Aurora Labs' products can apply for up to $1,000,000 in bounty rewards.
Rainbow Bridge is among the most crucial elements of NEAR Protocol's architecture.
Arman Shirinyan
Alex Dovbnya
