Hacker’s failed Rainbow Bridge cross-chain attack costs him 5 ETH

The Rainbow Bridge cross-chain bridge successfully repelled an attack by an unknown hacker, which he attempted on August 20. This was disclosed by Aurora Labs CEO Alex Shevchenko.

🧵 on the Rainbow Bridge attack during the weekend
TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz

— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022

The attacker sent a forged NEAR block, for which a deposit of 5 ETH (more than $7,850 at the time of writing) was required. According to Shevchenko, the unknown attacker expected that on Saturday morning it would be difficult for the developers to respond to the attack.

6/15 The transaction was successfully submitted in the Ethereum blockchain in the block 15378741 on Aug-20-2022 04:49:19 PM +UTC.
Note the time of attack: an attacker was hoping that it would be complicated to react on the attack early Saturday morning.

— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022

The system automatically rejected the forged block 31 seconds after the transaction was submitted. As a result the hacker lost his deposit; users’ funds remained safe.

Shevchenko added that a similar attack had been attempted on May 1. He suggested that the attacker participate in the bug-bounty program for the NEAR network’s Layer-2 protocol rather than “stealing users’ funds and spending time trying to launder them.”

14/15 And forth, dear attacker, it’s great to see the activity from your end, but if you actually want to make something good, instead of stealing users money and having lots of hard time trying to launder it; you have an alternative — the bug bounty:https://t.co/w67Y5AhRoH

— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022

The NEAR Protocol launched the L2 protocol Aurora to interact with Ethereum in May 2021.

In May 2022 the Aurora developers opened a fund of about $90 million to accelerate DeFi application development. Later, the project 1inch Network announced the integration with the Ethereum Virtual Machine.

In August, Matt Henderson, head of product at Aurora Labs, revealed a ‘captivating and sophisticated’ scheme of fraud involving a cryptocurrency OTC trade, of which he nearly became a victim.

Follow ForkLog’s Bitcoin news on our Telegram — cryptocurrency news, prices and analytics.