Rainbow Bridge Resists Another Hack, Attacker Loses ETH 5

DeFi Ethereum Hack Security
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated: 
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Source: AdobeStack / Sashkin

 

The Rainbow Bridge, which facilitates the transfer of cryptographically provable data between Near (NEAR) and Ethereum (ETH), has survived another hack, with the hacker losing ETH 5 (USD 7,878) in the process.

In an August 22 blog post, Aurora Labs CEO Alex Shevchenko said that an attack on the bridge over the weekend was automatically mitigated within 31 seconds, and that no user funds were lost.

The attack took place after a malicious actor submitted a fabricated NEAR block to the Rainbow Bridge contract. The transaction required a safe deposit of ETH 5.

“Automated watchdogs were challenging the malicious transaction, which resulted in an attacker loosing his safe deposit,” Shevchenko said.

Created by Aurora as the Ethereum-compatible scaling solution built on the NEAR blockchain, the Rainbow Bridge allows users to transfer tokens between ETH, NEAR, and the Aurora networks.

“The rainbow bridge is based on trustless assumptions with no selected middleman to transfer messages or assets between chains. Because of this, anyone can interact with its smart contracts, including the NEAR light client,” Shevchenko said.

He added that the bridge’s relayers, scripts running on traditional servers that periodically read blocks, usually submit the info on NEAR blocks to Ethereum. However, sometimes others also submit incorrect information with bad intentions.

“The incorrectly submitted information to the NEAR Light Client may result in the loss of all funds on the bridge,” Shevchenko said, adding that a consensus of NEAR validators secures this step.

Notably, a similar attack on the bridge took place on May 1, with the attacker losing ETH 2.5 during the failed attempt. At the time, Shevchenko said that the “bridge architecture was designed to resist such attacks.”

Meanwhile, Shevchenko asked hackers to join bug bounty programs instead of trying to steal user funds. Aurora offers white hat hackers up to USD 1m in bounty for preventing hacks and reviewing code.

“Dear attacker, it’s great to see the activity from your end, but if you actually want to make something good, instead of stealing user funds and having lots of hard time trying to launder it; you have an alternative — the bug bounty,” he said.

The failed attempt against the Rainbow Bridge comes as bad actors stole over USD 670m from crypto protocols during the second quarter of the year, according to Immunefi, a major bug bounty and security services platform. This figure is up by almost 50% compared to Q2 2021, when hackers and fraudsters stole USD 440m.

As reported, in late June, a hacker exploited a vulnerability in Harmony‘s Horizon Bridge to steal USD 100m worth of different cryptoassets. And prior to that, the Ronin Network was exploited to the tune of USD 600m, while decentralized finance (DeFi) platform Wormhole lost almost USD 325m to hackers in February.

____

Learn more: 
Hack Summer Continues with Acala Becoming the 4th Victim in August, ‘We’ll see More Attacks’
Solana-Based Phantom Wallet Unveils ‘Burn NFTs’ to Protect Customers From Scams

Over USD 36M Returned to Nomad Bridge’s Fund Recovery Address
Solana Blames Slope Wallet for Hack While Slope Says that ‘Nothing is Yet Firm’

Axie Infinity Developer Denies Wrongdoing Following Ronin Hack-Related Crypto Transfer Discovery
Crema Finance Hacker Takes USD 1.7M in Bounty, Returns USD 8M

Main Types of the Most Popular Hacking Attacks During IDO
NFT Hacks Via Discord Could Be Connected – Analysts

Logo

Why Trust Cryptonews

2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors
editors
+ 66 More

Best Crypto ICOs

Discover trending tokens still in presale — early-stage picks with potential

Explore Our Tools

Smart tools made for everyday crypto users

Market Overview

  • 7d
  • 1m
  • 1y
Market Cap
$3,338,588,406,116
-3.28
Trending Crypto

More Articles

Press Releases
Crypto Price Prediction Today 23 June – XRP, TRX, DOGE
2025-06-23 22:32:27
Press Releases
ChatGPT Picks The Top 3 Coins To Add To Your Crypto Portfolio Before End of June 2025
2025-06-23 22:31:28
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors