Hacker failure in Rainbow Bridge attack costs him 2.5 ETH
A fraudster attempted to defraud the protocol on May 1 when he launched a contract meant to deposit some funds in order to become a Rainbow Bridge repeater.
According to Alex Shevchenko, CEO of Aurora Labs, no funds were stolen, and the intruder even lost some money. The trick behind the attack was to send non-existent light client blocks (user nodes with minimal load).
After a while, one of the bridge observers discovered that the NEAR Protocol blockchain lacked the sent block, so he disputed the transaction. As a result, the fraud attempt was detected. In his Twitter account, the CEO provided more details on the attack and its blocking process and urged blockchains to pay more attention to security.
The company also disclosed the address of the attacker, who proceeded with sending some ETH tokens via Tornado Cash.
🧵 on the Rainbow Bridge attack today.
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) May 1, 2022
TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased
Subscribe to our Telegram channel for the most relevant, interesting, and informative news from the crypto industry.