tl;dr Summary: The NEAR Protocol successfully blocked an attempt to exploit its Rainbow Bridge, a platform used to move tokens between NEAR, Aurora, and Ethereum. No funds were lost, but the failed attempt cost the attacker 2.5 ETH.
With over 100 blockchains, each with its own ecosystem of dApps, there is a need for interoperability between them. Think of this as different states or countries, and just like countries, these ecosystems cannot be sustained in isolation.
The last two years saw a massive growth in blockchain bridges that enabled communication and interoperability between these siloed systems.
Bridges are pieces of code that allow users of different blockchains to move their assets (coin, tokens, or NFT) from one chain to another.
Bridges have made it easy for users to move assets across chains. These bridges also revolutionalised DeFi as users can now take advantage of opportunities (arbitrage or yield farming) in other ecosystems.
But all this advancement came with a price. Blockchain bridges have been a top target for attackers, with over $1 billion lost in over a year. Notable hacks include the Ronin hack where attackers successfully stole $625 million in cryptocurrency and the Wormhole attack that resulted in a loss of $325 million.
Rainbow Bridge Hack
On May 1, the Rainbow Bridge was attacked. However, in this case, a crisis was averted before the attacker could do any damage as the protocol managed to stop the attack automatically.
Rainbow Bridge is a cross-chain bridge that allows users to transfer assets between Ethereum, NEAR, and Aurora networks. According to Aurora Labs’ Alex Shevchenko, the attempt started on May 1 when the attacker deployed a smart contract (code that runs on a blockchain) to deposit funds to become a relayer.
Let us understand what this means by looking at a simple example of how the Rainbow Bridge works.
Assume that you want to move five LINK tokens from Ethereum to the NEAR bridge. To do this in a trustless fashion would require several steps:
- You start by telling Ethereum to move 5 LINK tokens to NEAR.
- Ethereum then checks if you have these tokens and then takes them out of circulation and locks them in a vault (code).
- You then tell NEAR to create 5 LINK tokens on its chain.
- NEAR does not trust you, and so it will first ask you to prove that you have 5 LINK tokens available on Ethereum.
- Once you provide the proof, NEAR will independently verify it and create the 5 LINK tokens.
The job of a relayer on the Rainbow Bridge is to ensure that the proof that the NEAR protocol needs is available. By trying to become a relayer, the attacker hoped to forge or submit fabricated proofs to the nodes in the protocol with the intention of pushing false transactions.
When one of the bridge’s watchdogs saw this, it created a challenge and sent it to Ethereum. At the same time an MEV bot (read more about MEV bots a.k.a searchers here) detected this transaction and calculated that front-running it would result in a 2.5 ETH gain.
The watchdog transaction failed, but the MEV bot succeeded resulting in the roll back of the fabricated block created by the attacker. By this time, the team jumped in and paused the bridge in order to study what had happened.
Interestingly, Alex, in one of his tweets said “For at least 6 months we knew that watchdog transaction would be front run by the MEV bots (reported by our auditors @sigp_io). Main reason to keep this mechanics is the additional protection: MEV bots know how to get transactions executed ASAP.”
In the end, the attacker lost 2.5 ETH which was paid to the MEV bot because of its successful challenge.
Alex ends his detailed analysis on the attack by appealing to the blockchain community to focus on security.
According to DappRadar, at least 80% of the lost assets in 2022 were stolen from bridges.