Aurora Labs CEO Alex Shevchenko said that on Aug. 22 a hacker lost 5 Ethereum (ETH) in a failed attack on the NEAR/ETH Rainbow Bridge over the weekend. No user funds were lost.
Shevchenko said the attack “was mitigated automatically within 31 seconds,” highlighting what looks like an effective mechanism to safeguard user funds on the bridge.
It comes as hackers apiplėštas beveik 2 mlrd defi pramonės per pirmuosius šešis šių metų mėnesius Chainalysis.
Aurora ‘watchdogs’ prevent Rainbow Bridge attack
The Rainbow Bridge allows users to transfer tokens between ETH, NEAR, and the Aurora networks. It was created by Aurora, the Ethereum-compatible scaling solution built on the NEAR blockchain.
Users can send ERC-20 assets directly from MetaMask or other Web3 wallets to NEAR wallets and applications, and vice versa.
The bridge “is based on trustless assumptions with no selected middleman to transfer messages or assets between chains.” Because of this, anyone can interact with its smart contracts, “usually with bad intentions.”
Shevchenko said cybercriminals cannot, however, submit “incorrect” information due to the need for “a consensus of NEAR validators,” which protect against the potential loss of all funds on the bridge.
“If someone tries to submit incorrect information, then it would be challenged by independent watchdogs, who also observe NEAR blockchain,” he said in a dienoraščio įrašas.
Fabricated block creation
Over the weekend, an attacker submitted “a fabricated NEAR block” to the Rainbow bridge, requiring a so-called “safe deposit” of 5 ETH. The transaction was successfully submitted to Ethereum on Aug. 20, at 04:49:19 PM UTC.
Shevchenko said the hacker “was hoping that it would be complicated to react [to] the attack early Saturday morning.”
However, “automated watchdogs challenged the malicious transaction,” resulting in the attacker losing their 5 ETH deposit, valued at about $8,000 at the time.
“The reaction took only 31 seconds,” claimed the Aurora CEO. “After notifications on strange activities, within one hour the team was checking that everything is OK…”
This is not the first time that the Rainbow bridge has been attacked. On May 1, the platform ginti an attempt by hackers to siphon funds. Shevchenko said that is “because the bridge architecture was designed to resist such attacks.”
He added that Aurora “discarded” plans to boost saugumas by increasing the safe deposit because that would make the bridge “more permissioned” and less decentralized. Instead, the protocol paid a $6 million bounty to ethical hackers to help secure user funds.
Shevchenko had a special message for the attacker:
„Puiku matyti veiklą iš savo pusės, bet jei iš tikrųjų norite padaryti ką nors gero, užuot vogę vartotojų pinigus ir sunkiai bandę juos išplauti; jūs turite alternatyvą - klaidų kompensaciją:
Atsakomybės neigimas
Visa mūsų svetainėje esanti informacija skelbiama sąžiningai ir tik bendro pobūdžio informacijos tikslais. Bet kokie veiksmai, kuriuos skaitytojas imasi remdamasis mūsų svetainėje esančia informacija, yra griežtai jų pačių rizika.
Source: https://beincrypto.com/hacker-loses-5-eth-failed-attack-near-rainbow-bridge/