It has been revealed that the Rainbow Bridge of Near Protocol survived a failed hacking attempt over the weekend. Hackers that tried to exploit Rainbow Bridge lost 5 ETH in the attempt. It is almost $8,000 at the current market rate. The automated security processes by the validators of the Rainbow Bridge played a key role in nullifying the threat within 31 seconds.
1/15 The rainbow bridge is based on trustless assumptions with no selected middleman to transfer messages or assets between chains. Because of this, anyone can interact with its' smart contracts, including the NEAR light client: https://t.co/fkhHEJkBVg
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022
The CEO of Aurora Labs, Alex Shevchenko announced that Rainbow Bridge was able to block the attempt just like the first attempt in May. Rainbow connects Near Protocol, Ethereum, and Aurora while allowing users to transfer funds between these networks through smart contracts. Blockchain bridges like Rainbow allow consumers to send and receive tokens by locking native tokens on either side.
Moreover, Rainbow Bridge has more than $2.3 billion in locked assets on the protocol. As per details, the hacker submitted a fabricated Near block into the contract of Rainbow Bridge. In this contract, he also had a “safe deposit” of 5 ETH. This transaction was then submitted to the Ethereum Network. However, the attacker expected to dodge Rainbow developers early Saturday morning.
Hacker Loses Funds While Tricking Rainbow Bridge
Reports suggest that the hacker tried to fake transactions. The aim of the hacker was to trick Rainbow’s smart contract into releasing locked funds without depositing any funds. Many hackers have been able to trick several blockchain bridges and exploit them for millions of dollars.
Validators of Rainbow were able to catch the fabricated block. They challenged and then blocked the transaction. Moreover, they also captured the safe deposit of 5 ETH that was initially deposited by the hacker. All of this was possible because of the working mechanism of the Rainbow Bridge.
Being a decentralized platform, Rainbow depends on numerous validators that are called bridge relayers. These validators submit block information on Near blocks to Ethereum. Anyone is able to submit info to Rainbow and fabricated data to lead to the loss of all funds.
But at this point, validators kick in and agree on which transactions are genuine and which are incorrect. They also track the blockchain activity on all networks to determine the authenticity of the transaction. Finally, incorrect transactions are flagged and then eventually blocked.
This mechanism helps networks in protecting the network from a loss of millions of dollars. Since bridge attacks are becoming more and more common, this systematic check is becoming incredibly important. Several hacking groups, including the Lazarus group from North Korea, have taken advantage of vulnerabilities in blockchain bridges.
