Dr. Alex Shevchenko, CEO of Aurora Labs, posted on Twitter that the Rainbow Bridge was attacked over the weekend. The attack was mitigated within 31 seconds and no user funds were lost.
This attack cost the bad actor dearly as he lost 100% of his stake or 5 ETH. This was not the first time someone tried to attack the rainbow bridge.
Earlier this year, another attacker tried to game the bridge but was found by the watchdog. The attack was mitigated fully automatically and the attacker lost 2.5 ETH.
What is Rainbow bridge?
Rainbow Bridge is one of the most important bridges in the NEAR ecosystem. Launch in April 2021, the rainbow bridge allows users to bridge ERC-20 token to the NEAR blockchain.
“The bridge brings access to liquidity that is available on Ethereum. That is the most important thing. Many of our partners are saying, we would like to launch Automatic Market Making — We would like to launch flash loans, or another DeFi project, so they would like to do it. But in order to do this, they need to have a backbone of DeFi”Dr. Alex Shevchenko, CEO of Aurora Labs
The permissionless and trustless bridge allows anybody to transfer their assets from one blockchain to the NEAR ecosystem without any middleman between the chains.
The bridge attack
Under normal circumstances, the Rainbow bridge relayers are the ones in charge of submitting information on NEAR blocks to the Ethereum blockchain.
The attackers fabricated a NEAR block and successfully submitted it to the Ethereum blockchain. To do this transaction, the attacker had to put in a safe deposit of 5 ETH (US$8,000).
However, the malicious transaction was flagged and it was challenged by the automated watchdogs. This reaction took only 31 seconds (4 Ethereum blocks) and as a result, the attacker lost all his safe deposits.
[Editor’s Note: This article does not represent financial advice. Please do your own research before investing.]
Featured Image: Chaindebrief