The Rainbow Bridge, which facilitates the transfer of cryptographically provable data between Near (NEAR) and Ethereum (ETH), has survived another hack, with the hacker losing ETH 5 (USD 7,878) in the process.
In an August 22 blog post, Aurora Labs CEO Alex Shevchenko said that an attack on the bridge over the weekend was automatically mitigated within 31 seconds, and that no user funds were lost.
The attack took place after a malicious actor submitted a fabricated NEAR block to the Rainbow Bridge contract. The transaction required a safe deposit of ETH 5.
"Automated watchdogs were challenging the malicious transaction, which resulted in an attacker loosing his safe deposit," Shevchenko said.
Created by Aurora as the Ethereum-compatible scaling solution built on the NEAR blockchain, the Rainbow Bridge allows users to transfer tokens between ETH, NEAR, and the Aurora networks.
"The rainbow bridge is based on trustless assumptions with no selected middleman to transfer messages or assets between chains. Because of this, anyone can interact with its smart contracts, including the NEAR light client," Shevchenko said.
He added that the bridge's relayers, scripts running on traditional servers that periodically read blocks, usually submit the info on NEAR blocks to Ethereum. However, sometimes others also submit incorrect information with bad intentions.
"The incorrectly submitted information to the NEAR Light Client may result in the loss of all funds on the bridge," Shevchenko said, adding that a consensus of NEAR validators secures this step.
Notably, a similar attack on the bridge took place on May 1, with the attacker losing ETH 2.5 during the failed attempt. At the time, Shevchenko said that the "bridge architecture was
Read more on cryptonews.com