The Rainbow Bridge, which facilitates data transfer between Near (NEAR) and Ethereum (ETH), survived another hack and the hacker lost 5 ETH ($7,878) in the process. In a blog post published on Aug. 22, Aurora Labs CEO Alex Shevchenko revealed that the weekend bridge attack was automatically repelled in 31 seconds and users suffered no loss of funds.
The attack occurred after the attacker sent a fake NEAR block to the protocol’s smart contract. The transaction required a secure deposit of 5 ETH.
“Automated security systems disputed the malicious transaction, causing the attacker to lose his deposit,” Shevchenko said.
Created by Aurora as an Ethereum compatible scaling solution built on the NEAR blockchain, Rainbow Bridge allows users to transfer tokens between the ETH, NEAR and Aurora networks.
“Rainbow Bridge is based on unreliable assumptions, with no chosen intermediary to transfer messages or assets between chains. Because of this, anyone can interact with its smart contracts, including the NEAR thin client,” Shevchenko said.
He added that bridge relays, scripts running on traditional servers that periodically read blocks, typically send NEAR block information to Ethereum. However, sometimes other people also provide incorrect information with bad intentions.
“Information mishandled to the NEAR thin client could result in the loss of all funds on the bridge,” Shevchenko said, adding that the move ensures the consensus of NEAR validators.
A similar attack on the bridge took place on May 1, and during this failed attempt, the attacker lost 2.5 ETH. Shevchenko said at the time that “the architecture of the bridge is designed to withstand such attacks.”
Shevchenko also suggested that hackers join bug bounty programs instead of trying to steal user funds. Aurora is offering white hat hackers a reward of up to $1 million to prevent break-ins and code reviews.
“Dear attacker, we are happy to see a resumption of activity on your part, but if you really want to do something useful, instead of stealing users’ funds and going to great lengths to launder them, you have another alternative: a bug bounty “, he said.
The failed Rainbow Bridge attempt came as illegal figures stole more than $670 million from crypto protocols in the second quarter of this year, according to Immunefi, a leading cryptocurrency security and reward platform. This figure is almost 50% more than in the second quarter of 2021, when hackers and scammers stole $440 million.
In late June, a hacker reportedly exploited a vulnerability in the Harmony Horizon Bridge protocol to steal $100 million in various cryptocurrencies. Prior to that, the Ronin Network suffered a $600 million attack, and decentralized finance (DeFi) platform Wormhole lost almost $325 million to hackers in February.
Follow our affiliate links:
- To buy cryptocurrency in the SEPA zone, Europe and French citizens, visit Coinhouse.
- To buy cryptocurrency in Canada, visit Bitbuy
- To generate interest in your bitcoins, go to the BlockFi website.
- To secure or store your cryptocurrencies, purchase Ledger or Trezor wallets.
- To trade crypto anonymously, install the NordVPN app.
To invest in cryptocurrency or masternode mining:
To accumulate coins while playing:
- In poker on the gaming platform CoinPoker
- To global fantasy football on the Sorare platform
Stay up to date with our free weekly newsletter and our social media: