On May 1, an assault was launched on the NEAR Protocol Rainbow Bridge. According to Aurora Labs CEO Alex Shevchenko, no money has been taken and the attacker even lost some money.
Shevchenko said that more precautions will be made to enhance the cost of an assault. He also revealed the attacker’s ETH address, which had been supplied through Tornado Cash at the outset. In the beginning, the attacker sent out a contract to deposit some money to become a Rainbow Bridge relayer. The attack plan was to transmit light client blocks made up by the attackers.
An Ethereum challenge transaction was issued to Ethereum when a bridge watchdog found the submitted block wasn’t on the NEAR Protocol blockchain after some time had passed. In a tweet, Shevchenko explains why he thinks this is the case.
This resulted in the watchdog transaction failing, but the MEV bot transaction was able to successfully revert the attacker’s malicious code. Our relayer then transmitted the following block a little time later:”
In a long Twitter post, Shevchenko details the situation in great detail. The emphasis, on the other hand, is on safety precautions,
Every blockchain innovator should put the security and robustness of their products at the top of their priority list and use every available tool to do so: automated systems, alerts, bug bounties, and in-house and external audits.
The Rainbow Bridge connects the Ethereum, NEAR, and Aurora blockchains, allowing users can move assets across them. Because of the exceptional quality of the user experience that it provides, it was developed by Aurora Labs.
In recent months, there has been an increase in attacks against bridges. The greatest of them was the theft of $615 million from the Ronin Bridge breach. Meter and Wormhole are two more types of assaults.
There is a lot of money to be made in the Defi sector, making it an appealing target for hackers. Over $1.22 billion has been taken from the Defi market in the first quarter of 2022 alone. In comparison, this year’s figure is roughly eight times as high as the previous year’s.
Developers should concentrate on security because of this, says Shevchenko. The more money that is available, the more likely it is that criminals will attempt to carry out a crime. In the future, security and audits will be critical to long-term viability.