A replay assault in opposition to Omni bridge resulted in a hacker exploiting 200 WETH from the Ethereum PoW chain.
On Sept. 18, safety agency BlockSec recognized a replay assault launched in opposition to the Ethereum PoW chain.
The attacker transferred 200 WETH from the Ethereum PoS chain by way of the Omni bridge. The transaction was reportedly replicated on the Ethereum PoW chain.
3/ The exploiter (0x82fae) first transferred 200 WETH by way of the omni bridge of the Gnosis chain, after which replayed the identical message on the PoW chain and acquired further 200 ETHW. In consequence, the steadiness of the chain contract deployed on the PoW chain can be drained.
— BlockSec (@BlockSecTeam) September 18, 2022
Omni bridge did not validate the precise chainID earlier than approving the transaction. In consequence, the PoW chain was drained of 200 WETH.
In keeping with safety agency Certik, the attacker has transferred the funds by way of Mexc World for doable money out.
EthereumPoW is Safu
From the TX hash of the exploit, the ETHPoS and ETHPoW had completely different transaction information.
ETHW Core builders clarified that the replay assault was unattainable in opposition to EthereumPoW because it enforced EIP-155.
By design, EIP-155 contains the chainID of a transaction to keep away from replays of the transaction on completely different chains.
ETHW Core added that the assault exploited a contract vulnerability of the Omni bridge. The bridge has been knowledgeable to handle the difficulty.
Gradual adoption for ETHW
Since launching on Sept. 15. Ethereum PoW has not gathered a lot adoption from the crypto neighborhood.
Main exchanges like FTX, OKX, and Bybit rallied round to see that spot buying and selling opened for the ETHW token on Sept. 16. In consequence, ETHW value reached an all-time excessive of $60.68.
Nonetheless, with the overall market decline and low pleasure post-merge, ETHW has fallen beneath $5, shedding off over 90% of its all-time excessive achieve as press time.
Grayscale funding hinted at plans to dump its 3.1 million ETHPoW airdrop tokens. The agency stated it should promote the tokens and redistribute the proceeds to shareholders.
