On September 16, security firm BlockSec detected replay attacks taking place on the EthereumPOW network and attempted to contact the network to stop the attack.
The attacker (0x82fae) first transferred 200 WETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW. By doing so, the balance of the chain contract deployed on the PoW chain could be drained.
The ETHPoW blockchain developer team says that an attack exploited the bridge’s contract vulnerability, not their own blockchain.
“ETHW itself has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, which ETHW Core’s security engineers have planned in advance,”
The ETHW Core developers wrote in a Medium post.
According to BlockSec’s attack analysis, the root cause of the exploitation is that the Omni bridge on the PoW chain uses the old chainId and doesn’t correctly verify the actual chainId of the cross-chain message.
Therefore, attackers could harvest lots of ETHW (and also other tokens owned by the bridge on the PoW chain) and trade them in some marketplaces.
BlockSec has been trying to contact Omni Bridge since Saturday to inform them of the risks. Omni Bridge did not immediately respond to a request for comment.
The price of ETHW continues to dump strongly since the news, ETHW price dropped 45% in the last 24 hours, currently trading at $4.60.
EthereumPoW (ETHW) is a hard fork Proof of Work of Ethereum after The Merge event took place. This means that EthereumPoW is a fork that completely retains the functionality of Ethereum before The Merge. ETHW is a cryptocurrency created after Ethereum’s The Merge upgrade was completed on September 15.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Join CoinCu Telegram to keep track of news: https://t.me/coincunews
Follow CoinCu Youtube Channel | Follow CoinCu Facebook page
Foxy
CoinCu News
The Roaring Kitty lawsuit, led by Martin Radev, alleged Gill used his social media influence…
The Silvergate SEC settlement addresses charges that the bank and its former executives failed to…
Nate Geraci said the U.S. Securities and Exchange Commission has acknowledged receipt of the 19b-4…
The volume-weighted average price (VWAP), which displays an asset's value fluctuations throughout the day, is…
The long Binance US SEC lawsuit tussle suddenly took a different turn as the Court…
Polkadot spend's financial report for the first half of 2024 revealed a euphoric spending spree…
This website uses cookies.