The Rainbow Bridge, which facilitates the change in cryptographically provable data between Near (NEAR) and Ethereum (ETH), has survived another hack, using the hacker losing ETH 5 (USD 7,878) along the way.
Within an August 22 blog publish, Aurora Labs Chief executive officer Alex Shevchenko stated that the attack around the bridge over the past weekend was instantly mitigated within 31 seconds, which no user funds were lost.
The attack required place following a malicious actor posted a fabricated NEAR block towards the Rainbow Bridge contract. The transaction needed a secure deposit of ETH 5.
“Automated watchdogs were challenging the malicious transaction, which led to an assailant loosing his safe deposit,” Shevchenko stated.
Produced by Aurora because the Ethereum-compatible scaling solution built around the NEAR blockchain, the Rainbow Bridge enables users to transfer tokens between ETH, NEAR, and also the Aurora systems.
“The rainbow bridge is dependant on trustless assumptions without any selected middleman to transfer messages or assets between chains. Due to this, anybody can communicate with it’s good contracts, such as the NEAR light client,” Shevchenko stated.
He added the bridge’s relayers, scripts running on traditional servers that periodically read blocks, usually submit the data on NEAR blocks to Ethereum. However, sometimes others also submit incorrect information with bad intentions.
“The incorrectly posted information towards the NEAR Light Client may lead to losing all funds around the bridge,” Shevchenko stated, adding that the consensus of NEAR validators safeguards this task.
Particularly, an identical attack around the bridge required put on May 1, using the attacker losing ETH 2.5 throughout the unsuccessful attempt. At that time, Shevchenko stated the “bridge architecture is built to resist such attacks.”
Meanwhile, Shevchenko requested online hackers to participate bug bounty programs rather of attempting to steal user funds. Aurora offers white-colored hat online hackers as much as USD 1m in bounty for stopping hacks and reviewing code.
“Dear attacker, it is good to determine the game out of your finish, however if you simply really need to make something good, rather of stealing user funds and getting plenty of difficult time attempting to launder it you possess an alternative — the bug bounty,” he stated.
The unsuccessful attempt from the Rainbow Bridge may come as bad actors stole over USD 670m from crypto protocols throughout the second quarter of the season, based on Immunefi, a significant bug bounty and security services platform. This figure expires by almost 50% when compared with Q2 2021, when online hackers and fraudsters stole USD 440m.
As reported, at the end of June, a hacker exploited a vulnerability in Harmony‘s Horizon Bridge to steal USD 100m price of different cryptoassets. And just before that, the Ronin Network was exploited towards the tune of USD 600m, while decentralized finance (DeFi) platform Wormhole lost almost USD 325m to online hackers in Feb.
____
Find out more:
– Hack Summer time Continues with Acala Becoming the fourth Victim in August, ‘We’ll see More Attacks’
– Solana-Based Phantom Wallet Unveils ‘Burn NFTs’ to Safeguard Customers From Scams
– Over USD 36M Came back to Nomad Bridge’s Fund Recovery Address
– Solana Blames Slope Wallet for Hack While Slope States that ‘Nothing is Yet Firm’
– Axie Infinity Developer Denies Wrongdoing Following Ronin Hack-Related Crypto Transfer Discovery
– Crema Finance Hacker Takes USD 1.7M in Bounty, Returns USD 8M
– Primary Types of the largest Hacking Attacks During IDO
– NFT Hacks Via Discord Might Be Connected – Analysts
