Failed Near Protocol Attack Costs hacker 2.5 ETH
- An attack targeted at Near Protocol on May 1st failed.
- The attacker seems to have lost 2.5 ETH in the process.
The NEAR Protocol Rainbow Bridge was targeted on May 1. After suspicious activity was discovered, the cross-chain bridge was temporarily halted for maintenance.
Alex Shevchenko, CEO of Aurora Labs, disclosed in a lengthy tweet thread that the assault was instantly terminated since the bridge architecture was meant to withstand such situations. Shevchenko said that no money was lost during the occasion.
The failed attack
It all started on May 1 when the attacker sent some ETH using Tornado Cash, a famous coin mixer. They used a contract to deposit cash in order to become a legitimate Rainbow Bridge relayer.
The primary goal was to transmit "fake" light client blocks. According to Shevchenko, the bridge watchdogs determined that the block presented was not on the NEAR blockchain and forwarded it to Ethereum as a "challenge transaction."
MEV bots calculated that front-running the watchdog transaction would result in a 2.5 ETH gain if it failed. Because of the successful challenge, that 2.5ETH was paid to the MEV bot.
According to the executive, “As a result, watchdog transaction failed, MEV bot transaction succeeded and rolled back the fabricated block of the attacker. Some min after this, our relayer submitted a new block. A bit later, we started to investigate the strange behavior and paused all the connectors. And once figured out the details, unpaused them.”
He went on to say that the assault was entirely automated and that the users were able to continue their transactions in both ways.
Shevchenko further stated that the NEAR protocol would take extra precautions to guarantee that the cost of an assault attempt is enhanced - indicating that the stakes for the relayer are projected to climb manifold, resulting in substantially higher costs for such undertakings. According to the CEO, the focus should be on security and robustness.
The information provided on DecentReviews does not constitute investment advice, financial advice, trading advice, or any other sort of advice. Do not treat any of the websites content as such. DecentReviews does not recommend that any cryptocurrency or blockchain asset should be bought, sold, or held by you. Conduct your own due diligence and consult your financial advisor before making any investment decisions.