Failed NEAR Rainbow Bridge Exploit Cost Hacker $7,000

Other categories related to this article:

NEAR pulls the drawbridge up on potential exploit

NEAR Protocol has prevented an attempt by bad actors to exploit Rainbow Bridge, a user platform to transfer tokens between NEAR, Aurora, and Ethereum. Aurora CEO Alex Shevchenko alerted the community via Twitter, stating that they paused the bridge while the team looked into the attack. The attack failed, no funds were lost, and the attempt cost the hacker 2.5 ETH, or over $7,000. 


Rainbow Bridge is a cross-chain bridge that lets users transfer assets between the Ethereum, NEAR, and Aurora networks. It was built by Aurora Labs and is known for its user experience. Interestingly, in this case, Shevchenko says that additional measures will be taken to ensure that the cost of an attack would increase. 

What happened? 

The attempt began on May 1 with the attacker deploying a contract meant to deposit some funds to become a Rainbow Bridge relayer. The premise of the attack was to send made-up light client blocks, and it all started with some ETH being sent through Tornado Cash. 

Shevchenko explains in his tweet that after a while, one bridge watchdog discovered that the submitted block was not in the NEAR blockchain and sent a challenge transaction to Ethereum. As a result of watchdog action, the MEV bot transaction succeeded and rewound to remove the fabricated block created by the attacker. The attacker lost 2.5 ETH, which was paid to the MEV bot because of the successful challenge.

Focus on security 

More than $1 billion has already been drained in such bridge attacks in 2022 as they have become the focus of bad actors. Nonetheless, bridges are paramount to the successful interoperability of DeFi. These bridges allow investors to move value between networks efficiently, which is why NEAR has seen its TVL increase from around $120 million at the start of 2022 to $473 million today. Shevchenko goes deep in his analysis of the exploit on Twitter but ultimately wants to highlight safety in DeFi as of paramount importance.

According to the Rekt database, $1.2 billion in crypto assets were stolen in Q1 2022, representing 35.8% of all-time stolen funds according to the same source. Interestingly, at least 80% of the lost assets in 2022 have been stolen from bridges. 

Bridges have become a sweet spot for exploits in 2022, with more than $1 billion in funds already being drained in such hacks in 2022 alone. The Ronin bridge attack is perhaps the most notable as bad actors drained over $600 million from smart contracts leaving leading blockchain game Axie Infinity in freefall. At the same time, more traditional hacks are rampant, with Rari Capitals Fuse pools exploited for $80 million, while Saddle Finance suffered a $10 million exploit in the last 48 hours at writing.

Unsubscribe at any time. T&Cs and Privacy Policy

The above does not constitute investment advice. The information given here is purely for informational purposes only. Please exercise due diligence and do your research. The writer holds positions in various cryptocurrencies, including BTC, ETH, and RADAR.

Share this post on social media

Share this Article

Related articles

Related articles

Happy 2nd Birthday NEAR Mainnet

A closer look at NEAR two years on from its mainnet launch