Rainbow Bridge Defended Itself And Was Paid - 2023

This past weekend, NEAR Rainbow Bridge successfully defended itself against an assault and also received payment from the hacker in the form of 5 ETH by stealing it from them using automatic watchdogs that it had created.

The Agressor and His Five ETH Are Missing

The CEO of Aurora Labs, Alex Shevchenko, disclosed on Monday that the NEAR Rainbow Bridge successfully defended itself against an attack over the weekend, which resulted in the intruder losing 5 ETH. The incident took place over the weekend.

Shevchenko stated that the attack was stopped automatically within 31 seconds, which demonstrates a highly effective protective system to save the cash of bridge customers.

Users have the ability to move ERC-20 tokens, as well as ETH and NEAR, between networks by utilizing the Rainbow Bridge. On the other side, the bridge is built on trustless ideas and does not have a designated middleman to facilitate the transfer of messages or assets between chains. As a consequence of these presumptions, smart contracts are open to participation from anyone, generally for unethical reasons.

On the other hand, malicious actors are unable to submit “incorrect” information as it is required that “a consensus of NEAR validators” be present. Shevchenko continued on,

“if anybody attempts to submit erroneous information, then it would be disputed by independent watchdogs, who also monitor the NEAR blockchain,”

A malicious NEAR block was mined over the weekend, which resulted in a fee of 5 ETH having to be paid. The transaction was successfully uploaded to Ethereum on Saturday, August 20 at 4:49:19 PM UTC. Shevchenko stated that the perpetrator of the incident on early Saturday morning thought that it would be difficult for others to respond to the attack. However, the transactions were challenged by the autonomous whistleblowers, which led to the attacker losing their deposit 31 seconds later at 4:49:50 UTC.

Shevchenko stated that after the security team received the response from the automated watchdog, they inspected the state of the bridge within an hour to ensure that no more action was required.

Shevchenko wrapped up the conversation by adding, “To the assailant,” which was directed squarely at him.

“hello attacker, it’s nice to see the engagement from your end, but if you genuinely want to make something positive, instead of snatching users’ money while having loads of difficult time attempting to conceal it; you have an opportunity – the bug bounty.”

The original tweet thread from Schevchenko can be found below:

How Does Rainbow Bridge Work
First things first. All everyone needs is the ETH Faucet and a Metamask wallet to get started. Then, once on NEAR, the purchase will finalize in around 1-2 seconds, all while costing under a $1 in most circumstances.

Sending assets from ETH to NEAR takes 20 blocks worth of time (6 minutes) and for ERC – 20 costs roughly $10 (average amount) (average amount).

Now, doing it the other way around i.e. sending NEAR back to ETH takes a most of 16 hours, and this is purely due to ETH finality times. This would cost the consumer about $60.