Cryptocurrency Editor's Picks Ethereum News

Ethereum PoW Lost 200 WETH in an Omni Bridge Replay Attack

Ethereum PoW Lost 200 WETH in an Omni Bridge Replay Attack

Ethereum Pow (ETHPoW), the proof-of-work blockchain forked from Ethereum that went live immediately after Ethereum’s move to proof-of-stake (PoS) last week, has been attacked by a replay exploit, which resulted in the attacker draining off 200 ETHW tokens.

The main cause of the exploitation, according to Blocksec, is that the Omni bridge on the PoW chain utilizes the old chain ID and does not appropriately validate the real chain ID of the cross-chain message.

“On September 16th, 2022, we detected that some attackers successfully harvested lots of ETHW by replaying the message (i.e., the call data) of the PoS chain on EthereumPoW (aka the PoW chain),” according to them.

According to the blog post, the company quickly informed the official team of EthereumPoW, who was eager to take action and attempted to interact with the Omni Bridge.

Ethereum PoW loses 200 WETH

The exploiter began by transmitting 200 WETH across the Omni bridge of the Gnosis chain before replicating the identical message on the PoW chain, collecting an additional 200ETHW. As a result, the balance of the chain contract put on the PoW chain was emptied.

BlockSec’s investigation of the Omni bridge source code revealed that the logic to check chainID was present, but the confirmed chainID used in the contract was retrieved from a value stored in the storage designated unitStorage.

The team noted that this was not the right chainID obtained using the CHAINID opcode, as recommended by EIP-1344, and worsened by the subsequent fork following the Ethereum Merge.

Ethereum PoW Lost 200 WETH in an Omni Bridge Replay Attack

This is most likely because the code is pretty old (using Solidity 0.4.24). Blocksec claims that the code works perfectly until the PoW chain forks.

According to Blocksec, the attacker(s) might harvest a large amount of ETHW (as well as other tokens owned by the bridge on the PoW chain) and trade them in various exchanges, like some centralized exchanges (CEXs)

They contend that doing so may have an impact on the price of ETHW owing to an increase in liquidity. As a result, users/investors are advised to exercise caution when trading these tokens on the PoW chain.

EthPow dropped sharply

Ethereum PoW Lost 200 WETH in an Omni Bridge Replay Attack

According to data from CoinMarketCap, the price of the ETHW token dropped 37% as a result of the news, reaching a new low of $4.22 early on Monday. It is presently trading at $5.58, a 25% decrease.

Related posts

Argentina And Venezuela Turn To Cryptocurrencies As Economies Dip

ibrahim

EOS, XLM, ADA, IOTA. Technical analysis and forecast of the course on 15-16 December 2018

alfonso

Ex US President Donald Trump Launches NFT Collection

Jai Hamid