The NEAR Protocol Rainbow Bridge has survived a potential heist, as an attacker’s attempt to steal funds on the network was promptly uncovered and foiled by security bots on the platform, resulting in a loss of 2.5 ETH for the hacker, according to a May 1, 2022, Twitter thread by Aurora Labs’ Alex Shevchenko.
Rainbow Bridge Bots Foil Attack
In a lengthy Twitter thread on May 1, 2022, Alex Shevchenko, the CEO of Aurora Labs, revealed details of how the security bots on NEAR Protocol’s Rainbow Bridge successfully mitigated a potential heist on the network.
The hacker initiated the attack by obtaining about 10 ETH through Tornado Cash, a decentralized, non-custodial mixer protocol designed to improve transaction privacy by breaking the on-chain link between source and destination addresses. He then deployed a smart contract to deposit the ETH obtained from Tornado into the bridge in a bid to become a valid Rainbow Bridge relayer and send his fabricated light client blocks.
The attacker then tried to front-run the Rainbow Bridge relayers but failed on his first attempt. However, the transaction went through on the second attempt.
“He was trying to hit the moment to front-run our relayer but failed to do it. After that, he decided to send a similar transaction with the block timestamp in the future (+5h), his transaction successfully substituted the previously submitted block,” tweets Shevchenko.
However, the hacker’s efforts failed to yield the desired results, as one of the Rainbow Bridge watchdog bots quickly noticed that the fabricated block submitted by the attacker was not in the NEAR blockchain. It then created a challenge transaction and sent it to the Ethereum network.
In the same vein, the maximal extractable value (MEV) bots on the network immediately detected the challenge transaction from the watchdog bots, front-ran it for a gain of 2.5 ETH, and rolled back the hacker’s fabricated block.
“In a short period, one of the bridge watchdogs figured out that the block submitted is not in the NEAR blockchain; created a challenge transaction, and sent it to Ethereum. Immediately, MEV bots detected this transaction and figured out that front-running it would result in 2.5 ETH gain, so they did exactly this,” he noted.
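A simplified model of the watchdog check and challenge outcome described above, added here as an illustration and not taken from the Rainbow Bridge code base. The `Header` fields, the clock-skew tolerance, the sample hashes and the bond handling are constructed assumptions.

```python
from dataclasses import dataclass

MAX_CLOCK_SKEW = 60  # tolerated timestamp drift in seconds (assumed value)

@dataclass(frozen=True)
class Header:
    height: int
    block_hash: str
    timestamp: int  # unix seconds

def audit_submission(submitted, canonical, now):
    """Return the reasons a relayed header should be challenged (empty if none)."""
    reasons = []
    real = canonical.get(submitted.height)
    if real is None:
        reasons.append("height not on source chain")
    elif real.block_hash != submitted.block_hash:
        reasons.append("hash mismatch with source chain")
    # A header dated well ahead of the watchdog's clock is suspicious on its own.
    if submitted.timestamp > now + MAX_CLOCK_SKEW:
        reasons.append("timestamp in the future")
    return reasons

def settle(submitted, bond_eth, canonical, now):
    """Model the optimistic outcome: a successfully challenged header is
    rolled back and the submitter's bond goes to whoever lands the challenge."""
    reasons = audit_submission(submitted, canonical, now)
    if reasons:
        return {"accepted": False, "paid_to_challenger_eth": bond_eth,
                "reasons": reasons}
    return {"accepted": True, "paid_to_challenger_eth": 0.0, "reasons": []}

# Constructed sample data: the watchdog's own view of the source chain.
NOW = 1_651_400_000
CANONICAL = {
    100: Header(100, "aa11", NOW - 120),
    101: Header(101, "bb22", NOW - 60),
}
HONEST = CANONICAL[101]
# Fabricated header: unknown hash, timestamp five hours ahead.
FABRICATED = Header(101, "ff99", NOW + 5 * 3600)

if __name__ == "__main__":
    for header in (HONEST, FABRICATED):
        print(header.block_hash, settle(header, 2.5, CANONICAL, NOW))
```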
For those who are unaware, MEV bots are designed to fish out transactions containing large trades that are yet to be added to a block on a blockchain network. In this case, the MEV bots successfully front-ran the attacker’s transaction, thereby mitigating its adverse effect before it got recorded on the blockchain.
Shevchenko says the attack was completely foiled by the bots without users of the network noticing any anomaly, adding that the “attacker lost 2.5 ETH, which was paid to the MEV bot because of the successful challenge.”
Going forward, the Rainbow Bridge team says it will introduce measures that would make this kind of attack much more expensive to execute. The team has also urged DeFi solutions developers to strive to improve the security of their systems through all the available means.