Aurora Labs CEO Alex Shevchenko said: announced Hackers lost 5 ETH on Monday after the NEAR-ETH Rainbow Bridge defended against weekend attacks.
Shevchenko claimed that the attack was “automatically mitigated within 31 seconds,” demonstrating a highly effective defense mechanism for protecting user funds within the bridge.
Rainbow Bridge allows users to move $ETH, $NEAR, and ERC-20 tokens between networks. However, bridges “are based on the untrusted assumption that there are no chosen intermediaries to transfer messages or assets between chains.” These assumptions mean that anyone can manipulate smart contracts, usually maliciously.
However, it requires “consensus of NEAR validators”, so a malicious person cannot send “wrong” information. Shevchenko continues,
“If someone tries to send incorrect information, it will be challenged by an independent watchdog that also monitors the NEAR blockchain.”
“forgery The NEAR block” was submitted over the weekend and required a deposit of 5 ETH. The transaction was successfully sent to Ethereum on Saturday, August 20th at 04:49:19 PM UTC. Shevchenko argued that “the attackers wanted to complicate responding to the attack early in the morning on Saturday”, but an “automated watchdog” disputed the transaction, so the attackers just 31 seconds later he lost the deposit at 04:49:50 PM UTC.
Following a response from an automated watchdog, Shevchenko claimed that security teams had checked the bridge’s status within an hour to confirm that no further action was required.
Shevchenko ended the thread with a direct statement to the attacker, saying:
Dear attackers, it’s great to see activity from your side, but if you really want to build something good, then steal your users’ money or try to launder it. Rather than struggle; you have another option—bug bounties.
Original thread below:
🧵 About the weekend’s Rainbow Bridge attack
TL;DR: Similar to the May attacks. User funds are never lost. Attack he was automatically mitigated within 31 seconds. Attacker he lost 5 ETH. pic.twitter.com/clnE2l8Vgz— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022
