The Ethereum Proof-of-Work (PoW) network suffered a replay attack on September 18 as exploiters replayed a message from the Ethereum PoS chain.
According to BlockSec, which first discovered the attack, the exploit happened because the bridge failed to properly verify the actual chainID of the cross-chain message.
The exploiter first transferred 200 WETH through the Gnosis Chain Omnibridge. Then the same transaction was replayed on the PoW chain to get an additional 200 ETHW.
According to the blockchain security firm, the attacker could dump the contract balance on the PoW chain.
CertiK further stated that the operator transferred the funds to MEXC.
ETH PoW team claims transaction replay was not on-chain
The official ETH PoW Twitter account acknowledged the attack, stating that it was not an on-chain transaction replay but a calldata replay caused by a loophole in the contract.
The team said:
“(We) had tried every means to contact Omni Bridge yesterday. Bridges need to properly verify the actual ChainID of cross-chain messages.”
Meanwhile, a chain-level replay attack is impossible on the ETHPOW chain because the network enforced EIP-155 before the hard fork. This means that transactions on the ETH proof-of-stake chain cannot be replayed on the PoW chain or vice versa.
However, the fact that the exploit does not occur at the chain level may not matter much. The PoW fork has only been live for less than 72 hours and experiencing an exploit this early could affect its adoption potential.
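The difference between a chain-level replay and the message replay described above, as an added Python example (not code from BlockSec, the ETH PoW team or the bridge). It is a simplified model in which the fork inherits the bridge contract and its validator set, so a validator-approved message passes on both chains unless the bridge compares the message's destination chain ID with the chain it is actually running on. The `Message` fields, chain ID values, key and the HMAC stand-in for validator signatures are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

POS_CHAIN_ID = 1       # Ethereum mainnet
POW_CHAIN_ID = 10001   # sample value for the forked chain (assumption)
VALIDATOR_KEY = b"constructed-validator-key"  # constructed stand-in for validator keys

@dataclass(frozen=True)
class Message:
    message_id: str
    recipient: str
    amount: int
    dest_chain_id: int

    def encode(self) -> bytes:
        fields = (self.message_id, self.recipient, self.amount, self.dest_chain_id)
        return "|".join(str(f) for f in fields).encode()

def validator_sign(msg: Message) -> bytes:
    # HMAC stands in for the validators' signatures over the bridge message.
    return hmac.new(VALIDATOR_KEY, msg.encode(), hashlib.sha256).digest()

@dataclass
class Bridge:
    actual_chain_id: int   # the ID the chain itself reports at execution time
    balance: int
    check_chain_id: bool
    processed: set = field(default_factory=set)

    def execute(self, msg: Message, sig: bytes) -> bool:
        if not hmac.compare_digest(sig, validator_sign(msg)):
            return False   # not approved by the validators
        if msg.message_id in self.processed:
            return False   # already executed on this chain
        if self.check_chain_id and msg.dest_chain_id != self.actual_chain_id:
            return False   # message was issued for a different chain
        self.processed.add(msg.message_id)
        self.balance -= msg.amount
        return True

def simulate(check_chain_id: bool) -> tuple:
    # The fork copies the bridge contract, its balance and its validator set,
    # but each chain keeps its own record of processed messages.
    pos = Bridge(POS_CHAIN_ID, 1000, check_chain_id)
    pow_fork = Bridge(POW_CHAIN_ID, 1000, check_chain_id)
    msg = Message("msg-0001", "0xRecipient", 200, POS_CHAIN_ID)
    sig = validator_sign(msg)  # one approval; the relaying tx is signed per chain
    return pos.execute(msg, sig), pow_fork.execute(msg, sig), pow_fork.balance
```

EIP-155 does not enter the model because the transaction that carries the message is a fresh one signed for whichever chain it is submitted to; only the check inside `execute` separates the two outcomes.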
ETHW loses 18%
According to PeckShield, ETHW lost 12% of its value following the news.
In the past 24 hours, the ETHW token has fallen by 17.8%. The token has seen its value drop massively by more than 80% in the past two weeks.
ETHW adoption suffered further blows during the week as Grayscale revealed it would sell its tokens while Poloniex said it listed EthereumFair (ETF) as its main Ethereum PoW token.