A replay assault in opposition to Omni bridge resulted in a hacker exploiting 200 WETH from the Ethereum PoW chain.
On Sept. 18, safety agency BlockSec recognized a replay assault launched in opposition to the Ethereum PoW chain.
The attacker transferred 200 WETH from the Ethereum PoS chain by way of the Omni bridge. The transaction was reportedly replicated on the Ethereum PoW chain.
3/ The exploiter (0x82fae) first transferred 200 WETH by way of the omni bridge of the Gnosis chain, after which replayed the identical message on the PoW chain and bought further 200 ETHW. In consequence, the steadiness of the chain contract deployed on the PoW chain can be drained.
— BlockSec (@BlockSecTeam) September 18, 2022
Omni bridge didn’t validate the precise chainID earlier than approving the transaction. In consequence, the PoW chain was drained of 200 WETH.
In line with safety agency Certik, the attacker has transferred the funds by way of Mexc World for doable money out.
EthereumPoW is Safu
From the TX hash of the exploit, the ETHPoS and ETHPoW had totally different transaction information.
ETHW Core builders clarified that the replay assault was inconceivable in opposition to EthereumPoW because it enforced EIP-155.
By design, EIP-155 contains the chainID of a transaction to keep away from replays of the transaction on totally different chains.
ETHW Core added that the assault exploited a contract vulnerability of the Omni bridge. The bridge has been knowledgeable to handle the difficulty.
Sluggish adoption for ETHW
Since launching on Sept. 15. Ethereum PoW has not gathered a lot adoption from the crypto neighborhood.
Main exchanges like FTX, OKX, and Bybit rallied round to see that spot buying and selling opened for the ETHW token on Sept. 16. In consequence, ETHW value reached an all-time excessive of $60.68.
Nonetheless, with the overall market decline and low pleasure post-merge, ETHW has fallen under $5, shedding off over 90% of its all-time excessive acquire as press time.
Grayscale funding hinted at plans to unload its 3.1 million ETHPoW airdrop tokens. The agency mentioned it would promote the tokens and redistribute the proceeds to shareholders.
