On May 1, the NEAR Protocol Rainbow Bridge, a cross-chain bridge, was targeted in an unsuccessful attempt which caused the attacker a loss of 2.5 ETH tokens. The bridge had been briefly halted for repair when anomalous activity was detected. The assault was instantly terminated as the bridge architecture was already designed to withstand such situations. As per the information, no funds were lost during the event, however, the attackers lost 2.5 ETH.
An unsuccessful attack on NEAR Protocol Rainbow Bridge
On May 1, the attacker transmitted some ETH tokens through the famous coin mixer Tornado Cash. The attacker used a contract to deposit funds in order to become a legitimate Rainbow Bridge relayer. The primary goal was to send fabricated light client blocks. The bridge watch dogs determined that the submitted block was not on the NEAR blockchain and produced a challenge transaction that was transmitted to Ethereum.
Maximal extractable value (MEV) bots calculated that front-running the watchdog transaction would result in a 2.5 ETH gain if it failed. As a consequence, the watchdog transaction failed. However, the MEV bot transaction succeeded and rolled back the attacker’s created block.
According to Alex Shevchenko, CEO of Aurora Labs, the assault was completely automated, and the users’ transactions continued in both directions. NEAR protocol would take extra efforts to enhance the cost of an assault attempt, implying that the stakes for the relayer are projected to climb manyfold, making such endeavours considerably more expensive.
Recent attacks on Blockchain bridges
Blockchain bridges have recently become ideal targets for cyber-attacks. In one of the largest cryptocurrency heists in history, attackers stole $620 million in Ethereum and USDC stablecoin from Axie Infinity’s Ronin Network after targeting Ronin Bridge. Qubit Bridge lost $80 million in bitcoin earlier this year, while Wormhole Bridge lost $320 million just a few weeks later.
