Ethereum Fork ETHPoW Suffers From Bridge Replay Exploit, Token Tanks 37%

ETHPoW, the proof-of-work (PoW) fork of Ethereum that went live shortly after Ethereum’s move to proof-of-stake (PoS) last week, has fallen victim to a replay exploit that let an attacker siphon off an additional 200 ETHW tokens.

Blockchain security company BlockSec disclosed the incident on Sunday, saying the attack occurred through the Omni Bridge on the Gnosis chain.

“On September 16, 2022, we discovered that some attackers successfully harvested a lot of ETHW by replaying the message (i.e., the call data) from the PoS chain on EthereumPoW (aka the PoW chain),” BlockSec wrote in a Medium post.

According to the security researchers, the attacker first transferred 200 WETH through the Omni Bridge and then replayed the same message on the PoW chain, gaining an additional 200 ETHW.

“By doing so, the balance of the chain contract deployed on the PoW chain can be drained,” BlockSec said.

The firm detailed that “the root cause of the exploit is that the Omni bridge on the PoW chain uses the old chain ID and does not correctly verify the actual chain ID of the cross-chain message,” adding that similar issues may exist in other protocols.

The price of the ETHW token fell around 37% on the back of the news, hitting a fresh low of $4.22 earlier on Monday, according to CoinMarketCap. It is currently trading at just over $5.

ETHPoW developers confirm exploit

The developers behind the ETHW protocol confirmed the incident; however, they insisted that the attack did not originate from the ETHW blockchain and only affected the Omni bridge, not the Ethereum PoW network itself.

“ETHW itself has enforced EIP-155, and there are no repeat attacks from ETHPoS and to ETHPoS, as ETHW Core’s security engineers have planned in advance,” the ETHW team said in a blog post.

The developers also said they have contacted the Omni team to notify them of the exploit.

“We have contacted the bridge in every way and informed them of the risk,” the ETHW blockchain developers said, adding that “bridges must verify the actual chain ID of the messages across chains.”
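The root cause BlockSec describes and the ETHW team's advice that bridges verify the actual chain ID, as an added Python sketch (not code from this article, BlockSec or the Omni Bridge): a toy bridge whose storage, including its recorded chain ID, is copied unchanged by the fork. The `Bridge` class, message fields and balances are constructed for illustration; 1 and 10001 are the chain IDs of Ethereum mainnet and EthereumPoW.

```python
import hashlib
from dataclasses import dataclass, field

POS_CHAIN_ID = 1       # Ethereum mainnet (PoS)
POW_CHAIN_ID = 10001   # EthereumPoW

@dataclass
class Bridge:
    """Toy bridge contract (hypothetical model, not Omni Bridge code)."""
    stored_chain_id: int                 # written to storage at deployment
    balance: int
    processed: set = field(default_factory=set)

    def fork(self):
        """A chain fork copies contract storage as-is, old chain ID included."""
        return Bridge(self.stored_chain_id, self.balance, set(self.processed))

    def release(self, msg, actual_chain_id, check_actual):
        """Pay out an approved message; return True if funds moved."""
        # Weak check: compare against the value remembered in storage.
        # Hardened check: compare against the chain actually executing the call.
        expected = actual_chain_id if check_actual else self.stored_chain_id
        if msg["chain_id"] != expected:
            return False
        msg_id = hashlib.sha256(repr(sorted(msg.items())).encode()).hexdigest()
        if msg_id in self.processed or msg["amount"] > self.balance:
            return False                 # per-chain replay / solvency guard
        self.processed.add(msg_id)
        self.balance -= msg["amount"]
        return True

def simulate(check_actual):
    """Run one message on the PoS chain, then submit the same bytes on the fork."""
    pos = Bridge(stored_chain_id=POS_CHAIN_ID, balance=1000)
    pow_fork = pos.fork()                # storage snapshot taken at the fork
    # Constructed sample message; field names are assumptions.
    msg = {"chain_id": POS_CHAIN_ID, "nonce": 7, "to": "0xRecipient", "amount": 200}
    on_pos = pos.release(msg, POS_CHAIN_ID, check_actual)
    on_pow = pow_fork.release(msg, POW_CHAIN_ID, check_actual)
    return on_pos, on_pow, pow_fork.balance

if __name__ == "__main__":
    print("stored chain ID check:", simulate(check_actual=False))
    print("actual chain ID check:", simulate(check_actual=True))
```

The processed-message set does not help across the fork, because the message was created after the storage snapshot and so is unknown to the forked contract; only the comparison against the executing chain's ID rejects it.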

What is ETHPoW?

ETHPoW is a hard fork of Ethereum backed by a group of miners who declared their intention to preserve the PoW chain after the merge – the commonly used term for the network’s transition to PoS.

The chain launched last week shortly after the merge took place, but it got off to a rather bumpy start as the network faced several technical issues, including a chain ID issue.

In particular, a few weeks before the merge, concerns were raised that a replay attack would be possible if ETHPoW failed to change its chain ID from that of the Ethereum network.

However, ETHPoW founder Chandler Guo insisted that these fears were overblown, telling Decrypt that the network would change all chain IDs on its blockchain to prevent such attacks.
