The NEAR Protocol Rainbow Bridge was attacked on May 1. No funds have been stolen, and the attacker even lost some money, according to the CEO of Aurora Labs, Alex Shevchenko.
Shevchenko added that additional measures will be taken to ensure that the cost of an attack would increase.
He also posted the address of the attacker, who started with some ETH sent through Tornado Cash. The attempt began on May 1, with the attacker deploying a contract meant to deposit some funds to become a Rainbow Bridge relayer. The attack idea was to send made-up light client blocks.
“As a result, watchdog transaction failed, MEV bot transaction succeeded and rolled back the fabricated block of the attacker. Some min after this, our relayer submitted a new block:”
Shevchenko explains the incident in much more technical detail in his lengthy Twitter thread. He stresses, however, that projects would focus on security measures,
“I wish everyone who is innovating in the blockchain to pay enough attention to security and robustness of their products through all the available means: automatic systems, notifications, bug bounties, internal and external audits.”
No respite for DeFi
The DeFi market is an attractive target for hackers, given so much money is flowing in. In the first three months of 2022 alone, hackers have stolen over $1.22 billion from the DeFi space. That’s nearly eight times as much as the same period last year.
It’s for this reason that Shevchenko is stressing that developers focus on security. As more money comes in, attackers will only be more tempted to carry out an attack. Security measures and audits will become paramount to long-term success.