On May 1, the NEAR Protocol Rainbow Bridge was attacked. The cross-chain bridge had temporarily been suspended for maintenance after detecting abnormal activities.
ໃນລາຍລະອຽດ ກະທູ້, Alex Shevchenko, CEO of Aurora Labs, revealed that the attack was stopped automatically as the bridge architecture was designed to resist such events. No funds were lost during the event, Shevchenko added.
ການໂຈມຕີ
It all started when the attacker sent some ETH through the popular coin mixer, Tornado Cash, on May 1. They deployed a contract meant to deposit some funds to become a valid Rainbow Bridge relayer.
The main intention was to send “fabricated” light client blocks. According to Shevchenko, the bridge watchdogs identified that the block submitted was not in the NEAR blockchain and, in turn, created a “challenge transaction” and sent it to Ethereum.
After the watchdog transaction failed, MEV bots figured that front-running it would result in a 2.5 ETH gain. The exec explained,
“As a result, watchdog transaction failed, MEV bot transaction succeeded and rolled back the fabricated block of the attacker. Some min after this, our relayer submitted a new block. A bit later we started to investigate the strange behavior and paused all the connectors. And once figured out the details, unpaused them back.”
He then revealed that the attack was mitigated fully automatically, and the users continued their transactions in both directions. Shevchenko also noted that the NEAR protocol will take additional measures to ensure the cost of an attack attempt is increased – meaning – the stake for the relayer is expected to rise manyfold, so similar endeavors would cost much more. The focus should be on security and robustness, explained the CEO.
"ຂ້າພະເຈົ້າຕ້ອງການໃຫ້ທຸກຄົນທີ່ປະດິດສ້າງໃນ blockchain ເອົາໃຈໃສ່ຢ່າງພຽງພໍກັບຄວາມປອດໄພແລະຄວາມເຂັ້ມແຂງຂອງຜະລິດຕະພັນຂອງເຂົາເຈົ້າໂດຍຜ່ານວິທີການທັງຫມົດທີ່ມີຢູ່: ລະບົບອັດຕະໂນມັດ, ການແຈ້ງເຕືອນ, bug bounties, ການກວດສອບພາຍໃນແລະພາຍນອກ."
DeFi Bridge Attacks
In recent months, blockchain bridges have become prime targets for attacks. In one of the biggest heists in the history of cryptocurrency, attackers ບໍລິຫານ to steal $620 million worth of Ethereum and USDC stablecoin from Axie Infinity’s Ronin Network after targetting Ronin Bridge, which allows users to move funds between the network and Ethereum.
Earlier this year, Qubit Bridge lost $80 million worth of cryptocurrency, while Wormhole Bridge lost $320 million just weeks later.
Binance ຟຣີ $100 (ສະເພາະ): ໃຊ້ລິ້ງນີ້ ເພື່ອລົງທະບຽນ ແລະຮັບ $100 ຟຣີ ແລະຄ່າທຳນຽມສ່ວນຫຼຸດ 10% ໃນ Binance Futures ໃນເດືອນທຳອິດ (ຂໍ້ກໍານົດ).
ຂໍ້ສະ ເໜີ ພິເສດ PrimeXBT: ໃຊ້ລິ້ງນີ້ ເພື່ອລົງທະບຽນ ແລະໃສ່ລະຫັດ POTATO50 ເພື່ອຮັບສູງເຖິງ $7,000 ໃນເງິນຝາກຂອງທ່ານ.
Source: https://cryptopotato.com/defi-crisis-averted-near-protocols-rainbow-bridge-attacker-loses-2-5-eth/