Ethereum PoW suffered a cyber attack on a smart contract shortly after its launch. In addition to technical issues, this led to a drop in the value of the new crypto.
What is Ethereum PoW?
EthereumPoW comes from Ethereum's old blockchain system, called Proof of Work. After The Merge, some decided to create a new crypto that keeps the fundamentals of Ethereum, which has just moved to Proof of Stake.
Launched after The Merge, this new crypto struggled from the start. In fact, some users were unable to connect their MetaMask wallet to Ethereum PoW. Some Internet users found that the problem came from an incorrect ID.
Ethereum PoW gets its first hack right after launch
In addition to technical issues, Ethereum PoW has had its first hack. BlockSec, a company specializing in cyber security and in blockchain in particular, has warned about a "replay attack". This type of attack consists of copying a stream of messages between two correspondents and replaying that stream to one or more of the parties. The security company said: "This type of attack targeted transactions on the Ethereum proof-of-concept blockchain and the Gnosis DeFi application."
Replay attacks can occur when cryptocurrencies are treated as the same asset although they technically exist on completely separate blockchains. Here we are talking about Wrapped Ether (WETH) and Ether PoW (ETHW).
BlockSec told Blockworks that "the attack was not a 'chain-level' replay exploit but an exploit due to a vulnerability in the contract". This means that Gnosis and the Ethereum and ETHW networks have not been hacked. Instead, the OmniBridge smart contract on the ETHW fork accidentally paid out funds.
First, the hacker transferred 200 Wrapped Ether (WETH), or 271,716.23 dollars (if we are referring to the current price), through the OmniBridge protocol of the Ethereum blockchain to the Gnosis network.
The hack consisted of resending the same transaction request on the Ethereum PoW fork to receive 200 ETHW from the copy of the OmniBridge “smart contract”.
The ETHW market dropped about 40% after the hack was revealed. The asset went from $8 to $5. However, the Ethereum PoW market had already dropped from $29.22 to $11.05 in just 2 days after The Merge. It is not clear whether the attacker has touched the 200 ETHW stolen in the attack, but today it is worth only about $1,000.
ETHW prices for the last 7 days
The attack was possible because the OmniBridge on the PoW chain was still accepting transactions that referenced the "chainID" of the Ethereum proof-of-stake blockchain. This variable serves as a unique identifier for different blockchain networks. The PoW fork uses a different chainID to help separate actions between the two networks.
"As a result, the balance of the chain contract deployed on the PoW chain would be drained", writes BlockSec.
Security researchers had predicted before the Ethereum PoW fork that such attacks were likely.
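The chainID check described above, as a simplified Python model added here for illustration; it is not OmniBridge's code or BlockSec's analysis. The class names, the starting balance and the two chain ID values are constructed assumptions. It shows why a chain ID kept in contract storage survives a fork unchanged, while a check against the ID the chain itself reports rejects the replayed message.

```python
from dataclasses import dataclass, field

ORIGINAL_CHAIN_ID = 1      # constructed sample value for the original chain
FORK_CHAIN_ID = 10001      # constructed sample value for the forked chain

@dataclass(frozen=True)
class BridgeMessage:
    message_id: str
    dest_chain_id: int     # chain this message was meant to execute on
    recipient: str
    amount: int

@dataclass
class Bridge:
    live_chain_id: int     # what the chain reports at run time
    cached_chain_id: int   # value written to contract storage at deployment
    verify_live_id: bool   # False: trust storage; True: hardened check
    balance: int = 1000
    processed: set = field(default_factory=set)

    def execute(self, msg: BridgeMessage) -> bool:
        expected = self.live_chain_id if self.verify_live_id else self.cached_chain_id
        if msg.dest_chain_id != expected:
            return False   # message belongs to another chain
        if msg.message_id in self.processed or msg.amount > self.balance:
            return False   # same-chain replay or insufficient funds
        self.processed.add(msg.message_id)
        self.balance -= msg.amount
        return True

def fork_copy(bridge: Bridge, new_chain_id: int, verify_live_id: bool) -> Bridge:
    """A fork copies contract storage as-is; only the chain's own ID changes."""
    return Bridge(new_chain_id, bridge.cached_chain_id, verify_live_id,
                  bridge.balance, set(bridge.processed))

def demo() -> dict:
    original = Bridge(ORIGINAL_CHAIN_ID, ORIGINAL_CHAIN_ID, verify_live_id=False)
    weak_fork = fork_copy(original, FORK_CHAIN_ID, verify_live_id=False)
    hardened_fork = fork_copy(original, FORK_CHAIN_ID, verify_live_id=True)
    # Constructed message, legitimately addressed to the original chain.
    msg = BridgeMessage("msg-1", ORIGINAL_CHAIN_ID, "0xRecipient", 200)
    return {
        "original": original.execute(msg),
        "weak_fork": weak_fork.execute(msg),          # same bytes accepted on the fork
        "hardened_fork": hardened_fork.execute(msg),  # rejected: wrong chain
        "weak_fork_balance": weak_fork.balance,
        "hardened_fork_balance": hardened_fork.balance,
    }

if __name__ == "__main__":
    print(demo())
```

The per-message "processed" set does not help on the fork, because the message was never executed there; only the comparison against the live chain ID separates the two networks.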
Gnosis assumes no responsibility for the hack
The co-founder of Gnosis, Martin Koppelmann, tried to reassure users on the social network Twitter by announcing that Gnosis and Ethereum were not "in any way".
"We do not support the channel (ETHW) and we do not consider ourselves responsible for what happens on this channel", said Koppelmann. He also said "the attacker created a fake bridge activity to drain funds on ETHW."
To deal with this defect, "a recommendation to disable the bridge's connections to ETHW, thereby closing this particular security hole, will be presented to the governance team overseeing OmniBridge", he added. BlockSec warned in a blog post that similar incidents may occur elsewhere on the Ethereum PoW network, which is likely to worry investors.
ETHW Core, the group that oversees ETHW, confirmed on Sunday that the attack involved a "bridge contract" vulnerability and said it had notified OmniBridge "by all means" to make them aware of the risks. However, it has not received any response.
I made every effort to contact Omni Bridge yesterday.
Bridges must correctly verify the actual ChainID of the cross-chain messages.
Again this is not a transaction replay at the chain level, it is a calldata replay due to the specific contract fault. https://t.co/bHbYR4b2AW
— Official EthereumPoW (ETHW) #ETHW #ETHPoW (@EthereumPoW) September 18, 2022
In any case, it is difficult to know how Ethereum PoW will recover from this disastrous start. However, the team said it would "do everything possible to stabilize the chain".