BlockSec Warns Replay Attacks On EthereumPoW

Recently, BlockSec detected replay attacks taking place on the EthereumPoW network. The attacker transferred 200 WETH over the omni bridge of the Gnosis chain, then replayed the same message on the PoW chain and received another 200 ETHW. The cause of these attacks is that the Omni bridge on the PoW chain uses the old chainId and does not correctly verify the actual chainId of the cross-chain message.

On September 16, security firm BlockSec detected replay attacks taking place on the EthereumPOW network and attempted to contact the network to stop the attack.

The attacker (0x82fae) first transferred 200 WETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW. By doing so, the balance of the chain contract deployed on the PoW chain could be drained.

The ETHPoW blockchain developer team says that an attack exploited the bridge’s contract vulnerability, not their own blockchain.

“ETHW itself has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, which ETHW Core’s security engineers have planned in advance,”

The ETHW Core developers wrote in a Medium post.

According to BlockSec’s attack analysis, the root cause of the exploitation is that the Omni bridge on the PoW chain uses the old chainId and doesn’t correctly verify the actual chainId of the cross-chain message.

Therefore, attackers could harvest lots of ETHW (and also other tokens owned by the bridge on the PoW chain) and trade them in some marketplaces.

BlockSec has been trying to contact Omni Bridge since Saturday to inform them of the risks. Omni Bridge did not immediately respond to a request for comment.

The price of ETHW continues to dump strongly since the news, ETHW price dropped 45% in the last 24 hours, currently trading at $4.60.

EthereumPoW (ETHW) is a hard fork Proof of Work of Ethereum after The Merge event took place. This means that EthereumPoW is a fork that completely retains the functionality of Ethereum before The Merge. ETHW is a cryptocurrency created after Ethereum’s The Merge upgrade was completed on September 15.

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Foxy

CoinCu News