Hacker Tries to Exploit NEAR Rainbow Bridge, Ends up Losing 5 ETH
The Rainbow Bridge hack over the weekend resulted in funds being restored to users in 31 seconds with no harm done, although the attacker lost 5 Ethereum in the process.
Hacker Loses 5 ETH in Failed Attack on Rainbow Bridge
Malicious actors are increasingly targeting cross-chain bridges. However, not every hacker is able to make millions from their exploit attempts. Some of them wind up losing money from their own wallets.
In a Twitter thread on August 22, Alex Shevchenko, the CEO of Aurora Labs, detailed the story of a hacker who attempted to exploit the Rainbow Bridge but failed and lost 5 Ether (ETH), worth about $8,000 at the time of writing.
The hacker, according to Shevchenko, provided a fabricated NEAR block to the Rainbow Bridge contract and made the required 5 ETH safe deposit. In addition, the attacker timed the exploit attempt on a Saturday, assuming that the team would be slow to respond throughout the weekend.
Despite the hacker’s plan, the CEO emphasized that automated watchdogs were in place to combat the illicit transaction. Within 31 seconds, the attempt was thwarted, resulting in the loss of the hacker’s safety deposit.
Rainbow Bridge Faced Prior Attacks
This was not the first time the Rainbow Bridge has encountered a bridge hack and successfully foiled it. On May 1, the platform defended against a hacking attempt to steal funds. Shevchenko explained that this is “because the bridge architecture was designed to resist such attacks.”
Because of the increased number of exploit attempts, the CEO stated that his team is considering raising the amount required for safe deposits. The idea was scrapped, though, because the team wants to stay as dedicated to decentralization as possible.
Shevchenko also left a message for the attacker:
“It’s great to see the activity from your end, but if you actually want to make something good, instead of stealing users money and having lots of hard time trying to launder it; you have an alternative — the bug bounty:”
On June 7, Aurora Labs offered a $6 million bug bounty to an ethical security hacker who revealed a major vulnerability to the Aurora team. The bug was quickly addressed, and user funds were safeguarded. Over $200 million may have been lost had the whitehat hacker decided to compromise the network.
Crypto Bridge Hacks Take the Spotlight
However, not all crypto bridges have been as effective in thwarting attackers as Rainbow. In 2022 alone, bridge attacks account for around 69% of stolen crypto funds, resulting in a total loss of $2 billion, according to Chainalysis.
The aftermath of the Nomad hack in early August, which saw $200 million stolen from its bridge, ranks it as the seventh-largest hack in the industry’s existence.
Another disastrous hack was Axie Infinity’s Ronin hack, which resulted in the theft of $625 million. This comes on the heels of a $320 million loss due to a hack on the Ethereum and Solana bridge Wormhole.
Meanwhile, the entities responsible for the Ronin Bridge hack have moved the stolen funds into Bitcoin (BTC). Using the privacy tools Blender and ChipMixer, the hackers continue to attempt to disperse the stolen funds in an effort to evade the authorities.
