Rainbow Bridge Resits Another Attack | The Merge ETA: Sept 15 | Connext Amarok AMB Update & More!

Last Week In The Multi-Chain Ecosystem (22nd to 28th Aug 2022)

Aug 29, 2022

Welcome to LI.FI’s Cross Chain Insider newsletter. If you want to join this community of cross-chain aficionados learning about bridges, interoperability, and the multi-chain ecosystem, subscribe below:

You can also check out LI.FI’s research articles, and follow us on Twitter!

Bridge Updates

1) Rainbow Bridge Resits Another Attack 💪🏻

Rainbow bridge, the bridge between NEAR and Ethereum, resisted an attack on Aug 22. The attack was mitigated automatically within 31 seconds by automated Watchdogs in the bridge’s architecture. No user funds were lost, and the attacker lost 5 ETH.

2) Connext Amarok AMB Update 🧐

Connext has released an update for their Amarok network upgrade, which introduces support for arbitrary message passing. Given the recent Nomad hack, the team has decided to temporarily utilize existing AMBs for rollups and sidechains to relay messages. The team aims to upgrade the system to a full optimistic bridge in the near future.

3) $BAL is Now Live on Across 🚀

Across has added support for Balancer Labs’ $BAL token. Users can now bridge $BAL between Ethereum, Optimism, Polygon, and Arbitrum.

4) Multichain Integrates NEAR 🥳

Multichain has integrated NEAR blockchain. This enables cross-chain interoperability between NEAR and EVM ecosystems supported by Multichain. The integration is currently in the testnet phase. Users can participate in Multichain’s cross-chain testnet campaign and earn rewards.

5) Rango Integrates the Celer Inter-Chain Messaging Framework 🤝🏻

Rango Exchange has integrated the Celer Inter-Chain Messaging Framework (Celer IM) into their cross-chain DEX aggregator. Rango users can now swap across chains within a single click and one transaction.

6) deBridge Introduces deSDK 🎊

deBridge has launched deSDK, a framework-agnostic software development kit enabling anyone to send, track, and claim any cross-chain messages programmatically with the deBridge protocol.

Multi-Chain Ecosystem Updates

1) Full Transition to Ethereum PoS — ETA: September 15 ⏳

According to the Ethereum organization’s official announcement, The Merge is expected to come around September 10-20th. The first part of The Merge, Bellatrix, will happen on September 6.

2) Lido is Now on Loopring 👏🏻

Lido ETH staking has arrived on Loopring. Users can now stake with Lido on Loopring and earn daily rewards on staked ETH.

3) The Graph’s Multi-Chain Incentivized Program 🎊

The Graph has launched MIP, a multi-chain incentivized program that bootstraps Indexers to add support for new chains on the decentralized network, enabling migration of multi-chain subgraphs. Gnosis Chain will be the first chain to be supported on the network.

4) Radiant is Live on BNB Chain 💪🏻

Radiant, a cross-chain lending protocol, has launched on BNB Chain. Deployed initially on Arbitrum, the team plans to go cross chain and launch on multiple chains in the near future. Radiant will share protocol fees cross-chain with all RDNT lockers, paying them in BTC/Stables using LayerZero.

5) Sushi Trident is Now Live on Metis 🍣

Sushi has launched its TridentAMM on Metis, an optimistic L2 rollup. Users can now create new pools and access farming on Sushi Metis. The team plans to launch Sushi Miso (launchpad) and Furo (streaming and token vesting) on Metis soon.

What’s Popping on Twitter?

Bridges are notoriously known for being honeypots for attackers. And with over $1B in stolen funds, it is hard to argue against the notion. However, there have been a few instances where the bridges have been saved from collapsing — thanks to whitehat hackers and sound bridge mechanisms.

This weekend, we witnessed another attack on a bridge. However, this time, the attacker lost funds, not the users. This story is about the Rainbow Bridge, which on Aug 22, resisted another attack and saved billions in users’ funds from being stolen.

Alex Shevchenko 🇺🇦 @AlexAuroraDev

🧵 on the Rainbow Bridge attack during the weekend TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH.

The Rainbow bridge connects Near Protocol, Ethereum, and Aurora. It is a light client bridge going to Near and an Optimistic bridge going to Ethereum. Earlier this year, in May, it resisted an attack, thanks to its optimistic design — the bridge Watchdogs figured out the malicious transaction and challenged it by submitting fraud proofs to prevent the hack.

Alex Shevchenko 🇺🇦 @AlexAuroraDev

🧵 on the Rainbow Bridge attack today. TL;DR: attack was stopped automatically, no bridged funds lost, attacker lost some money, bridge architecture was designed to resist such attacks, additional measures to be taken to ensure the cost of an attack attempt is increased

This weekend, Rainbow Bridge experienced another hack attempt. However, just like the first attempt back in May, the attack was successfully blocked “automatically within 31 seconds.” No user funds were lost. The attacker lost 5 ETH. Here’s how the attack went down:

An attacker submitted a fabricated NEAR block to the Rainbow Bridge contract — the transaction required a safe deposit of 5 ETH.
The Rainbow Bridge is designed such that if someone submits incorrect information, it is challenged by independent watchdogs.
In this case, automated watchdogs challenged the malicious transaction, resulting in the attacker losing his safe deposit of 5 ETH.
The attack was successfully mitigated within only 31 seconds, and the users did not lose any funds.

Attack attempts are common in crypto; unfortunately, there is no way to prevent them. All we can do is have enough security systems in place to mitigate these attempted attacks.

This incident is a testament to the Rainbow Bridge team’s focus on security and a reminder for everyone to build fundamentally secure bridges. Incidents like these make us optimistic about the future of bridges and crypto.