Near’s Rainbow Bridge Blocks Another Attack, Costing Hackers 5 Ethereum

Near Protocol’s Rainbow Bridge experienced another hack attempt over the weekend. 

Like the first attempt back in May, the project successfully blocked this attack “automatically within 31 seconds,” the CEO of Aurora Labs Alex Shevchenko announced on Twitter yesterday.

The Rainbow Bridge connects Near Protocol, Ethereum, and Aurora—an EVM-compatible scalability solution on Near—allowing users to move funds between the networks via smart contracts.

Since smart contracts are automated and trustless, anyone can interact with them, including bad actors. 

In the case of the recent Near attack, the attackers proposed a fabricated block on Near requiring a 5 Ethereum deposit early Saturday morning. The attacker may have been hoping that the early-morning attack would’ve been difficult to react to, said Schevchenko.

“Automated watchdogs were challenging the malicious transaction, which resulted in an attacker losing his safe deposit,” he wrote as part of the Twitter thread.

This caused the hackers to lose their 5 Ethereum deposit, or around $8,000 at the time, in 31 seconds. Users lost no money in the attempted hack.

“Dear attacker, it's great to see the activity from your end, but if you actually want to make something good, instead of stealing users' money and having lots of hard time trying to launder it; you have an alternative—the bug bounty,” added Schevchenko.

This wasn't the first time the Rainbow Bridge experienced—and successfully thwarted—a bridge hack. 

In May, an attempt to breach the bridge notified these watchdogs. Shevchenko stated that the “bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased.”

The watchdogs challenged the false transaction, losing 2.5 Ethereum in the process, according to a May Twitter thread by Shevchenko. 

Crypto bridge hacks take center stage

Not all crypto bridges have thwarted attackers as successfully as Rainbow, however. 

In 2022 alone, bridge hacks account for roughly 69% of stolen crypto funds, resulting in a $2 billion loss in total, according to Chainalysis. 

The aftermath of the Nomad hack in early August, seeing $200 million stripped from its bridge, puts it at the seventh-largest hack in the industry so far.

Another devastating hack was Axie Infinity’s Ronin hack, resulting in $622 million stolen. This follows the hack on the Ethereum and Solana bridge Wormhole with a $320 million loss. 

In an interview with Decrypt, a threat analyst of Elliptic Arda Arkantura, said that bridges essentially freeze tokens between blockchains, and “this means that you have a lot of liquidity and smart contracts with funds stored on them.