Attackers trying to exploit Near Protocol’s Rainbow bridge lost some 5 ether (ETH), or just over US$8,000 at current rates, over the weekend after automated security processes by the bridge’s validators kicked in and mitigated the threat in under 31 seconds.
Blockchain-based bridges allow users to send and receive tokens between different networks by locking native tokens on either side. Rainbow allows users to send tokens among the Ethereum, Near and Aurora networks and has over $2.3 billion in assets locked on the protocol, data shows.
Rainbow developer Alex Shevchenko said in a note Monday that an attacker submitted a fabricated Near block to the Rainbow bridge contract over the weekend by putting up a “safe deposit” of 5 ether.
That transaction was successfully submitted to the Ethereum network, with the attacker expecting Rainbow developers to be unavailable to mitigate any threats. “[The] attacker was hoping that it would be complicated to react to the attack early Saturday morning,” Shevchenko explained.
The attacker likely intended to fake transactions and trick Rainbow’s smart contracts into releasing locked funds without depositing any initial funds. Similarly sophisticated mechanisms have previously been used to exploit several blockchain bridges, as in Nomad’s recent $200 million exploit.
But Rainbow’s validators automatically caught the fabricated block that the attacker tried to submit, challenged and blocked the transaction, and took away the safe deposit of 5 ether put up by the attacker.
This was possible because of how the Rainbow bridge works. As a wholly decentralized platform, Rainbow relies on several validators, called bridge relayers, who submit information about Near blocks to Ethereum. Anyone can submit information to Rainbow, and false information could likely result in a loss of all user funds.
However, this is where the validators step in: They agree on which transactions are genuine by tracking blockchain activity on all networks connected to Rainbow. Incorrect transactions are challenged by independent “watchdogs” who observe the Near blockchain to check for data mismatches; such transactions are flagged and eventually blocked.
Such a mechanism protects the network from seeing potentially hundreds of millions of dollars in losses, especially as bridge attacks become more commonplace.
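The submit-and-challenge flow described above, as a simplified Python model added here (it is not Rainbow's contract code). The class and function names, the 60-second challenge window and the hash comparison standing in for the bridge's own check are assumptions; only the 5 ETH deposit comes from the article.

```python
from dataclasses import dataclass, field

BOND_ETH = 5           # deposit size reported in the article
CHALLENGE_WINDOW = 60  # seconds; hypothetical value for this model

@dataclass
class Submission:
    relayer: str
    height: int
    block_hash: str
    submitted_at: int
    status: str = "pending"  # pending -> accepted | rejected

@dataclass
class Bridge:
    verify: callable         # assumed check, run only when a block is challenged
    queue: list = field(default_factory=list)
    slashed: int = 0         # total forfeited deposits, in ETH

    def submit(self, relayer, height, block_hash, now):
        sub = Submission(relayer, height, block_hash, now)
        self.queue.append(sub)  # the deposit is locked with the submission
        return sub

    def challenge(self, sub, now):
        if sub.status != "pending" or now - sub.submitted_at >= CHALLENGE_WINDOW:
            return False        # already settled, or the window has closed
        if self.verify(sub.height, sub.block_hash):
            return False        # block is genuine, so the challenge fails
        sub.status = "rejected"
        self.slashed += BOND_ETH
        return True

    def finalize(self, now):
        for sub in self.queue:
            if sub.status == "pending" and now - sub.submitted_at >= CHALLENGE_WINDOW:
                sub.status = "accepted"

def watchdog_scan(bridge, observed_chain, now):
    """Challenge every pending block that differs from the watchdog's own view."""
    return [s for s in bridge.queue
            if s.status == "pending"
            and observed_chain.get(s.height) != s.block_hash
            and bridge.challenge(s, now)]

def run_demo():
    near = {100: "0xaaa", 101: "0xbbb"}  # constructed sample chain view
    bridge = Bridge(verify=lambda h, bh: near.get(h) == bh)
    good = bridge.submit("relayer-1", 100, "0xaaa", now=0)
    fake = bridge.submit("attacker", 101, "0xfff", now=5)  # fabricated block
    caught = watchdog_scan(bridge, near, now=36)
    bridge.finalize(now=70)
    return good.status, fake.status, len(caught), bridge.slashed
```

In this model a fabricated block that no watchdog challenges before the window closes is accepted, which is why the reaction time matters as much as the deposit.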
In late June, attackers linked to North Korean hacker group Lazarus exploited a vulnerability in Harmony's Horizon Bridge to steal over $100 million. In March, Axie Infinity’s Ronin Network was exploited for over $625 million, while Solana-based cross-chain bridge Wormhole lost over $325 million to attackers in February.