Second attack repelled for Rainbow Bridge! Rainbow Bridge as part of its name suggests is a bridge to facilitate data transfer between Near (NEAR) and Ethereum (ETH). However, it turns out that it has just suffered a new hacking attempt. Fortunately, it did not reach its goal and the hacker even lost 5 ETH in the process.
A repelled attack
CEO Alex Shevchenko told us the news via a blog post from Aurora Labs. His company is behind an Ethereum virtual machine (EVM) called Aurora to offer compatibility solutions between Near and Ethereum to developers, all with low-cost transactions. So, Rainbow Bridge belongs to Aurora Labs.
As a result, Alex Shevchenko explains (via his blog and also Twitter) that on August 22 an attack took place on the Rainbow Bridge and that it had no impact. In 31 seconds the attack was stopped automatically and no user risked or lost their funds. Therefore, it proves how reliable the system is and also adds:
"Security protocols challenged the illicit transaction which resulted in a loss of 5 ETH for the hacker behind this attack."
Thus, Rainbow Bridge is a bridge built on the NEAR blockchain and serves as a solution to transfer tokens between NEAR, ETH, and Aurora networks. There is no middleman to transfer data between blockchains.
This is why anyone can interact with smart contracts and also with the NEAR light client according to Shevchenko.
Sometimes users with bad intentions send incorrect information using the Near light client which can lead to the loss of all funds on the bridge. Nevertheless, there are NEAR validators that secure and verify this step.
Second attempt
This August 22 attack is in fact the second attempt. Indeed, on May 1, a first attempt ended in failure, also resulting in a loss of 2.5 ETH for the hacker.
Alex Shevchenko had spoken on his Twitter account to reassure users and indicate that the architecture of the bridge aims to counter and resist such attacks.
.png)
Going further, Shevchenko took the opportunity to address hackers trying to destroy Rainbow Bridge's security by suggesting that they join the bug-hunting program rather than try to steal user funds.
It turns out that Aurora is offering white hat rewards of up to $1 million for reporting any critical flaws that may affect the operation of the bridge.
Alex Shevchenko said:
"Dear hackers, it's nice to see some activity from you, but if you really want to make yourself useful instead of stealing users' funds and having a bad time laundering that money, there's been an alternative: our bug hunting program!"
Bridges: a sensitive technology
Although these two attacks on Rainbow Bridge were failures on the part of the pirates, unfortunately not all bridges were so lucky. According to Immunefi, a platform serving as a bug hunting program and security issues, malicious individuals stole more than $670 million via crypto protocols during the second quarter of 2022.
Compared to the beginning of 2021, it is almost more than 50%, because the amount at the time was 440 million dollars stolen by hackers and fraudsters.
Last June, a hacker exploited a security hole in the Horizon Bridge to steal $100 million.
Of course, the most notorious case was last March when the Ronin network lost over $600 million following the exploitation of a flaw in its bridge that led to an unprecedented drop in the game Axie Infinity (AXS).
Exchanges are also not immune, as Wormhole lost 325 million following a hack last February.
A target of choice
Bridges are a relatively new and extremely useful technology in the world of cryptocurrencies, but also relatively vulnerable. This offers the possibility for users to transfer tokens to another blockchain and therefore convert them.
However, it is also an opportunity for pirates to strike a blow. Indeed, these technological marvels are extremely complex and in addition, as they are used to make token transfers, there is generally a lot of liquidity gravitating around a bridge.
Therefore, it is a prime target for a hacker. Moreover, although computer protocols are increasingly secure, there is no tamper-proof system. Security vulnerabilities have been around forever and there are so many parameters to take into account that it seems impossible to fully avoid them.
In addition, it is a growing phenomenon whether it is phishing attacks, scams, or the exploitation of loopholes, the crypto world is increasingly plagued by malicious individuals seeking to steal users and investors in this new industry.
0 Comments