Aug 23, 2022 Frank Stewskid
The attack took place over the weekend and similarly to the previous such attempt, that happened in May 2022, was mitigated automatically within 31 seconds, according to Aurora Labs CEO Alex Shevchenko.
🧵 on the Rainbow Bridge attack during the weekend— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022
TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz
The Rainbow Bridge, connecting NEAR Protocol, Aurora, and Ethereum operates under trustless assumptions when transferring assets between chains and requires no middleman. To achieve this, the platform relies on Rainbow bridge relayers to submit NEAR blocks info to Ethereum, but there are cases when others can do this.
Over the weekend, an attacker submitted a fabricated NEAR block to the bridge’s smart contract, as the transaction required a safe deposit of five ETH, the attacker deposited them and successfully submitted the transaction on the Ethereum blockchain. According to Alex Shevchenko, the timing of the transaction (20 August 2022 04:49:19 PM +UTC) aimed to make it complicated for NEAR validators to notice the fraudulent transaction.
However, in this case, no human reaction was required, the malicious transaction was challenged by automated watchdogs and the attacker lost their safe deposit of five ETH. The Aurora CEO also noted that the attack was absolutely similar to the May 1, 2022 attack which was automatically stopped by the project.
Furthermore, unlike the attacker’s supposed intentions of catching the security team off guard, the strange activities were indeed observed by the team and found to not be a threat to the bridge.