- NEAR Protocol successfully defended itself from a 5ETH attack.
- The fraudulent transaction was challenged by independent watchdogs.
- “The reaction took only 31 seconds with no human interaction,” said the CEO of Aurora.
On Saturday, NEAR Protocol successfully defended itself from an attack that attempted to launder 5 Ethereum (ETH) worth $7887.
Alex Shevchenko, CEO of Aurora Labs, an Ethereum Virtual Machine that runs on the NEAR protocol as a smart contract, explained the attack in his recent Twitter thread:
🧵 on the Rainbow Bridge attack during the weekend
TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz
— Alex Shevchenko 🇺🇦 (@AlexAuroraDev) August 22, 2022
Shevchenko stated that the attacker attempted to submit a counterfeit NEAR protocol block to Rainbow Bridge’s main contract. This attempt triggered NEAR’s defense mechanism to observe the attack and challenge it.
Shevchenko added that during the transaction, a safe deposit of 5 ETH was required. Due to being challenged by independent watchdogs, the attempt failed, and the attacker lost 5 ETH. Also, no user funds were affected. Shevchenko said:
The reaction took only 31 seconds with no human interaction. After notifications of strange activities, within one hour, the team was checking if everything was fine and was going back to sleep.
Furthermore, Shevchenko mentioned, “Dear attacker, it’s great to see the activity from your end, but if you actually want to make something good, instead of stealing users’ money and having a lot of a hard time trying to launder it; you have an alternative – the bug bounty.”
The bug bounty is a campaign where bug testers get paid up to $1,000,000 for exploiting vulnerabilities in the system.
Contextually, another hack from May 1 used the same style, where the attacker tried to deploy a contract that was meant to trick the Rainbow Bridge Relayer and send the fake block. Eventually, the system detected this transaction and deployed its defenses. As a result, the attacker lost 2.5 ETH ($3961), which was then used to pay for the success of the security.