Nearly a week after Near Protocol launched its own algorithmic stablecoin (USN), similar to Terra’s UST, the network suffered a hacking attempt on Sunday. Fortunately, it was unsuccessful to such an extent that the attacker ended up losing some funds in the process.
Rainbow Bridge Protocol Targeted by Hacker
The hacker focused their attention on Near’s Rainbow Bridge protocol, launched in April 2021. Its purpose is to connect the Near blockchain to Ethereum so that developers can deploy Ethereum dApps and assets on Near, and vice-versa.
According to Alex Shevchenko, the CEO of Aurora Labs (An Ethereum-compatible developer platform that runs on Near Protocol), the attack started with ETH funds sent from Tornado Cash, a privacy-oriented decentralized exchange (DEX). The purpose was to deposit enough funds to become a Rainbow Bridge relayer.
Relayers are critical intermediaries in the bridge, keeping Near’s LiteNodes updated by checking blockchain blocks from different networks. Therefore, the hacking attempt revolved around fabricating the update by front-running the relayer.
MEV Bots Prevent NEAR Protocol dApp Hack
Interestingly, the protocol automatically blocked the subversion attempt, without any manual intervention needed. That’s because miner extractable value (MEV) bots registered the transaction. MEV bots are employed to reorder, insert and even censor transactions in order to extract value from blocks.
MEVs are a somewhat controversial blockchain feature, although not contained in either proof-of-work or proof-of-stake blockchains. While Ethereum miners/validators add block transactions according to the gas fee level paid, the transaction order doesn’t necessarily have to follow it. This opens up space for MEVs to reorder transactions to gain extra profit from users.
In the end, the MEV mechanic proved useful in not only stopping the attack but taking away 2.5 ETH ($7k) from the attacker.
Meanwhile, the Rainbow Bridge users didn’t even notice anything unusual was happening, let alone lose funds. However, Near Protocol developers will tweak this mechanic further, so that future attackers pay even more for their hacking attempts. In turn, gained funds will be used for bug bounties and code audits.
Solana Suffers Outage for 7th Time
It appears that Solana can’t catch a break. Once hailed as an “Ethereum Killer” due to its speed and low transaction fees, Solana suffered a 3rd outage this January. Fast forward to this Sunday, and Solana is out the 7th time, between 8:00 PM UTC and 3:00 AM UTC.
“Validator operators completed a cluster restart of Mainnet Beta at 3:00 AM UTC, following a roughly 7-hour outage after the network failed to reach consensus. Network operators and dapps will continue to restore client services over the next several hours”.
Solana dev team
The culprit was the NFT minting tool Candy Machine. This tool makes it possible to set up customized NFT marketplaces within the Solana ecosystem. Unfortunately, Candy Machine was flooded with bots that crashed Solana’s consensus nodes.
In other words, the blockchain’s validators failed to process the burst of transactions coming from bots. Suffice to say, the outage did not help SOL’s price, triggering a -10% dip.
The Metaplex NFT community, in charge of the Candy Machine, will introduce 0.01 SOL cost to mitigate further bot floods.
Candy Machine is used by a majority of new #SolanaNFT projects to launch their collections. In this change, a 0.01 SOL penalty will be collected when a wallet attempts to complete an invalid transaction, which is typically done by bots that are blindly trying to mint.
— Metaplex (@metaplex) May 1, 2022
However, if a single NFT minting tool can cause such disruption to the entire network, this doesn’t bode well for Solana’s readiness to enter mainstream adoption. The main reason appears to be Solana’s highly centralized origin.
Join our Telegram group and never miss a breaking digital asset story.
Solana—A Lesson in the Value of Decentralization
Just as miners verify and add transactions on proof-of-work (PoW) blockchains, so do validators do the same for proof-of-stake (PoS) blockchains like Solana. However, no matter if the consensus mechanism is PoS or PoW, the network’s security relies on the number of network nodes available.
Validators run these nodes as computers of the blockchain network, each one holding the entire transaction record and syncing updated transactions. Therefore, the greater number of validators/nodes, the greater the redundancy the network has to maintain its operation.
This is the measure of blockchain’s decentralization. For instance, Ethereum has 6110 nodes, while Bitcoin has 15,656 nodes. Unfortunately, Solana is drastically less decentralized with only 1,724 node operators. Likewise, just Solana’s top five data centers are in charge of 46% of the network.
This is not surprising given that Solana started as a venture capital (VC) project. Solana’s initial 500 million SOL token supply reveals this in a three-way distribution:
- Founders – 25%
- Investors – 37%
- Pre-mined rewards and airdrops – 38%
As of press time, Solana’s liquid supply is still highly centralized.
One would think that more centralized blockchains would be faster due to faster transaction confirmation times across fewer nodes. However, it seems that the greater redundancy that follows decentralization is more important. After all, an outage is not only the absence of speed but it heavily erodes user confidence in the network itself.
Ethereum and Cardano are the most decentralized blockchains. Do you think users will prioritize this blockchain feature in the future? Let us know in the comments below.