1. Home
  2. Bridge attack

Bridge attack

Hacker tries to exploit bridge protocol, fails miserably

The attempt was suppressed within 31 seconds, with the attacker losing their 5 ETH safety deposit.

Cross-chain bridges have increasingly become targeted by malicious entities. However, not all hackers can run away with millions in their exploit attempts. Some end up losing money from their own wallets. 

In a Twitter thread, Alex Shevchenko, the CEO of Aurora Labs, told the story of a hacker who attempted to exploit the Rainbow Bridge but ended up losing 5 Ether (ETH), worth around $8,000 at the time of writing.

According to Shevchenko, the hacker has presented a falsified NEAR block to the Rainbow Bridge contract and submitted the required 5 ETH safe deposit. Thinking that the team would be slow to react during the weekend, the attacker timed the exploit attempt on a Saturday.

Despite the hacker's plan, the CEO highlighted that there were automated watchdogs in place that fought off the malicious transaction. Within 31 seconds, the attempt was suppressed, leading to the hacker losing their safety deposit.

Because of the increasing exploit attempts, the CEO noted that their team is considering increasing the amount required for safe deposits. However, the idea was dumped to keep the team wants to stay committed to decentralization as possible.

Shevchenko also left a message to the attacker. The CEO urged the hacker to try doing good for the community by working on bug bounties instead of stealing users' money and having trouble trying to launder the stolen assets.

Related: Hacker tastes own medicine as community gets back stolen NFTs

On June 7, Aurora Labs paid a bug bounty of $6 million to an ethical security hacker who pointed out a critical vulnerability to the Aurora team. The bug was promptly patched, and user funds were secured. If the whitehat hacker decided to exploit the network, over $200 million could have been lost.

Meanwhile, the entities that executed the Ronin bridge hack have transferred the stolen funds into Bitcoin (BTC). Using privacy tools Blender and ChipMixer, the hackers are still trying to spread out the stolen funds in hopes of outmaneuvering the authorities.

Crypto Kidnapping: Tourist Held Captive, Forced to Transfer $250K in USDT