The hacker lost 2.5 ETH in a failed hack on NEAR Protocol's Rainbow bridge

NEAR Protocol’s Rainbow bridge has also been attacked. The difference this time is that the hacker did not get any money from NEAR. On the contrary, the hacker lost 2.5 ETH in tx fees spent on the attack, because the Rainbow bridge’s anti-attack mechanisms run automatically.

 

🧵 “On the Rainbow Bridge attack today. TL;DR: the attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased”— Alex Shevchenko on May 1, 2022

 

Specifically, this attack is described as follows:

  1. The bridge attacker: https://etherscan.io/address/0xa4b2aa64b348e4186539e3c3c3f2e80355a5ebc2
  2. The attacker gets ETH from Tornado (to anonymize the funds and remove traces of the attacker) to perform the attack at 12 AM: https://etherscan.io/tx/0x31978ff63987f452bbec505613d09d83943beaf11d9053f089310dc32fb8da59
  3. The hacker deploys a smart contract to deposit money and become a valid Rainbow Bridge Relayer: https://etherscan.io/address/0xd1533149879fcf443c2183802e871b8e0edcac54
  4. The hacker attempts a front-running attack, which fails: https://etherscan.io/tx/0xb5b489bad56352742ab3a2b5c4659d2f6487ac79f222c87079e0330af36df91e
  5. The hacker sends the same transaction again at 5 AM: https://etherscan.io/tx/0x342ad0d9acfeed484f61f75971e30a38affdede61d12d17bf413f9aa0d24cc1c
  6. The Rainbow bridge’s watchdogs detect that the submitted block is not on the NEAR blockchain, so they automatically create a challenge transaction and send it to the Ethereum side: https://etherscan.io/tx/0x5edcf538538819c91ed2ffa115f380ccaa2fe71ca264b7b1e199cb5d913b21fc
  7. MEV bots immediately detect this transaction and find the problem: https://etherscan.io/tx/0xd775968438da661ca8b19aa651a646d86b0476961196b214846b52d9c4c9eb66
  8. The transaction fails and a rollback is executed: https://etherscan.io/tx/0x020dd82b92738320488a5d76534917a5429b3008dcf8058f113f932a70771637
  • A bit later, the team started to investigate the strange behavior and paused all the connectors. Once they had figured out the details, they unpaused them.

Result: no funds on the Rainbow bridge were lost, the system is still active, and the hacker lost 2.5 ETH. The NEAR team continues to investigate, to improve the security of the system, and to increase the cost of attacks.

 

For everyone’s information:

Alex Shevchenko personally knows about 5 watchdogs that are running 24/7, and no one in the world knows about all of them (this protects against insiders). You can improve the security of the bridge by simply running the watchdog script from https://t.co/09In2B4JGJ

Every watchdog transaction that fails because it was front-run will be rewarded manually with a percentage of the attacker’s stake. Please send him a note if this happens to you. He urges everyone involved in blockchain innovation to pay close attention to the security and robustness of their products using all possible tools, including automatic systems, notifications, bug bounties, and internal and external audits. Aurora Labs is continuing to work hard to provide the most secure technology that works at the heart of the Aurora ecosystem.
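The sequence in steps 3 to 8, and the front-run watchdog case mentioned above, can be followed in a small model. This is an added example, not Rainbow bridge or watchdog code: the class and function names, the stake amount, the window length, the block hashes and the rule that the first challenger receives the whole stake are all assumptions, and finalization of unchallenged blocks is left out.

```python
# Toy optimistic-bridge model (added example; names and values are assumed).
CHALLENGE_WINDOW = 4 * 3600  # seconds (assumed)

class Rejected(Exception):
    """Stands in for a reverted Ethereum transaction."""

class Bridge:
    def __init__(self, truth):
        self.truth = truth    # height -> hash; stand-in for the on-chain proof check
        self.stakes = {}      # relayer -> locked deposit
        self.rewards = {}     # challenger -> slashed stake received
        self.pending = None   # (relayer, height, hash, valid_at)

    def deposit(self, relayer, amount):
        self.stakes[relayer] = self.stakes.get(relayer, 0) + amount

    def submit(self, relayer, height, block_hash, now):
        if not self.stakes.get(relayer) or self.pending:
            raise Rejected("no stake, or a block is already pending")
        self.pending = (relayer, height, block_hash, now + CHALLENGE_WINDOW)

    def challenge(self, challenger, now):
        if self.pending is None:
            raise Rejected("nothing pending")  # someone else challenged first
        relayer, height, block_hash, valid_at = self.pending
        if now >= valid_at or self.truth.get(height) == block_hash:
            raise Rejected("window closed, or the block is valid")
        self.rewards[challenger] = self.stakes.pop(relayer)  # slash the relayer
        self.pending = None                                  # roll the block back

def should_challenge(bridge, near_view):
    """Watchdog check: is the pending block absent from our own NEAR node's chain?"""
    if bridge.pending is None:
        return False
    _, height, block_hash, _ = bridge.pending
    return near_view.get(height) != block_hash

def replay_incident():
    near = {100: "0xaaa"}                        # constructed canonical chain
    bridge = Bridge(near)
    bridge.deposit("attacker", 5)                # constructed stake
    bridge.submit("attacker", 100, "0xbad", now=0)
    flagged = should_challenge(bridge, near)     # watchdog spots the bad block
    bridge.challenge("mev-bot", now=60)          # copied challenge lands first
    try:
        bridge.challenge("watchdog", now=61)
        outcome = "challenged"
    except Rejected:
        outcome = "front-run"
    return flagged, outcome, bridge.pending, bridge.stakes, bridge.rewards
```

In this model the watchdog's own challenge reverts even though it detected the block first, which is the case the manual reward described above is meant to cover.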

 

 

 

 

 

By admin
