Miners Could Steal Over $400M From Ethereum Bridge, Why Don’t They?

Bitcoin Miner Earnings Bottom Before Recovering 20% ​​in 12 Hours

Key facts:
  • $448 million is frozen in the bridge between Ethereum and NEAR.

  • Miner collusion is key to attacking and stealing the funds, but they wouldn’t.

Ethereum (ETH) miners would have the doors open to steal funds from the Rainbow Bridge (or rainbow bridge), a protocol that unites the chains of this cryptocurrency with the decentralized project NEAR and whose security is identical to the rate guarantee deposits of hash (hashrate), through which coins can be stolen if there is a mining collusion.

According to a lightcoin researcha site for analyzing the protocols of the different cryptocurrencies, the Rainbow Bridge, which has been operational for several months on Ethereum, may be subject to attack and subsequent theft by “malicious miners”.

This bridge allows the exchange of various tokens, which can run on both blockchains (Ethereum and Near). As they explain it, it is not necessary to trust anyone to send and receive coins, except in the security of the chains that are connected. This bridge allows any information that can be cryptographically proven in NEAR to also be used in Ethereum contracts. and vice versa. In it, right now there is a significant amount of money stored.


Miners Could Steal Over $400M From Ethereum Bridge, Why Don't They?

This bridge, according to the analysis, has a security mechanism that operates such as hashrate escrowswhich are part of the Bitcoin 300 Improvement Proposal (BIP-300), which has not yet been approved.

Rainbow Brigde screen.
Ethereum miners could steal the locked funds from the Rainbow Bridge. Font: NEAR.

A robbery in Bitcoin

According to what they indicate in Lightcoin, these hashrate escrow deposits, which would be used in the BIP-300 to sign the transactions (instead of a cryptographic key), may give way to the hypothesis that “miners can steal”.

This is because bitcoins assigned for the use of a side chain would be placed under the collective custody of the majority of the Bitcoin hashrate, that is, under the surveillance of the miners, who will be the ones to confirm and verify the transactions.

So if -hypothetically- there are evil miners, these can agree to mobilize the BTC that is inside the deposit and take it to any address or set of themprofiting at the expense of the trust that a user delegated to them.

While miners would only transfer BTC from hashrate escrow to previously confirmed and valid addresses, if they colluded to attack the protocol, traders would just have to send all the BTC in the hashrate deposit to themselves.

Bitcoin miners.
Bitcoin miners could steal funds from the hashrate escrow proposed by BIP-300. Source: adobe.stock.

For this, they would have to create a transaction to transfer BTC from the hash rate deposit to their own addresses and then they would have to “vote” for this transaction for three months, which is the time required to remove the coins from said depositaccording to the BIP 300.

And in Ethereum?

In the case of Ethereum, a similar theft scenario is likely. This, through the aforementioned bridge, the Rainbow Bridge, which is technically known as an “optimistic bridge”a protocol capable of linking assets from one blockchain to another, based on collateral and locked funds.

It is during the “challenge period” established by the bridge between Ethereum and NEAR that a theft can be executed, hypothetically. In this type of protocol, this time slot is used for miners and verifiers to vote for or against a transaction. It usually lasts up to hours, depending on the chain that is being used.

In this time, a warning that the withdrawal is invalid can be sent to the first-chain bridge contract, through a transaction called “failsafe.” This test contains the data necessary to convince the protocol that the user who made the withdrawal transaction was not actually the owner of the asset you are trying to withdraw.

If the fail test is valid and the withdrawal is confirmed to be false, the transaction will be canceled and the user who initiated the invalid withdrawal on that chain will have their collateral trimmedthat is, removed or redistributed.

That’s when “malicious miners” who want to steal come into play. For this, explains Lightcoin, operators must resort to manipulation. They would have to make invalid withdrawals of funds, where the money blocked from the bridge is actually expressed, and then censor failure tests for at least four hourswhich are the ones that could detect the irregularity.

This, “just like a malicious hashing power majority can steal all the funds in a hash rate escrow,” according to Lightcoin, which highlights that this is a way to steal the more than $440 million that are locked in the bridge between Ethereum and NEARaccording to Etherscan.io.

On this possibility, the developer of Bitcoin, Ruben Somsen, showed his astonishment. On twitter, commented the possibility that Ethereum miners make a lot of money, just by censoring some evidence. This, “without drawing conclusions.”

Bridge between Ethereum and Near.
Bridge between Ethereum and NEAR has a locked balance of over $448 million. Font: Etherscan.io.

It is good to clarify that this scenario of theft in Ethereum is plausible but as long as mining is maintained. As we have already reported in CriptoNoticias, this decentralized network is gradually moving towards its merger and subsequent elimination of the Proof-of-Work (PoW) consensus algorithm, which will make the use of specialized hardware unnecessary to mine and, consequently, this possibility of attack and robbery would be eliminated.

But they won’t steal

Although there are possibilities and even opportunities to steal right now, from Lightcoin they dismiss that there is a negative action by the Ethereum miners. They explain that if the hypothesis of miners stealing were true, the operators would be expected to have already taken the $440 million.

“After all, they have the ability to do it, and it’s a huge amount of value,” they explain. “And yet, so far, even with the ability to steal a large amount of value, miners have neither tried nor succeeded in stealing it. The evidence suggests that, at least in this scenario and others like it, the hypothesis is false.”they add.

Why don’t miners steal? Although it is impossible to be certain about the reasons that prevent miners from taking over these funds, even if they have the capacity, in Lightcoin they point to possible conjecture.

The first is that the reward for the theft would not be large enough. “Perhaps the value of your mining equipment, operations, freedom (from lawsuits, prison, or worse), and the net present value of future block rewards, combined, are worth more to most hash power than the value of 20,000 BTC”, they maintain.

This, since the miners who decide to launch the attack will probably not come out unscathed, as suggested by Lightcoin. The consequences for their actions could be several and all of them lead to the impossibility of maintaining operations.

Miners also do not steal in Ethereum because there are assets that, when taken, could be frozen, according to Lightcoin. This, because much of the value that is currently deposited in the Rainbow Bridge takes the form of centralized assets, such as the stablecoins USD Coin (USDC) and Tether (USDT).

Ethereum mining rigs.
The miners do not steal the Ethereum and NEAR bridge because the reward may not be that great. Font: BR.

The low capacity for trust also influences, especially when it comes to a bad move such as stealing other people’s funds. Lightcoin suggests that an attack like this risks information leaks and subsequent backlash from Ethereum users, “which could cause the price of ETH to fall, accelerate the merger, among other things”.

The miners’ honesty plays an important role in deterring a robbery. “It has been shown that most people, when presented with an opportunity to harm another person, do not accept it, even if they have something to gain and know they can get away with it«, they defend from Lightcoin.

Although that honesty may not have to do with values. The analysis holds that miners may be honest, not out of altruism, but because they “prefer certainty of earning block rewards by mining transactions that pay market fees instead of the uncertainty of risking everything for a heist.”

And one last point that might answer why there are no miners stealing the funds on this bridge, even with the possibility, is that they probably don’t know about it. “A sufficient quorum of malicious miners may simply not know that this opportunity to steal exists”.

Whatever your reasons for ignoring the 20,000 BTC worth there is to take, optimistic bridges like Rainbow Bridge on Ethereum show us that so far, when given the chance, miners won’t steal.

Lightcoin, decentralized protocol analysis site.

See also  Ethereum beyond price: tests, mining and progress in the middle of a historical year

Leave a Comment

Your email address will not be published.