BlockSec Issues Notice of Replay Exploit on ETH PoW

Only a few days after the Ethereum (ETH) consensus mechanism transitioned from a proof-of-work (PoW) to a proof-of-stake (PoS) through The Merge, the ETH PoW has been under attack. According to security company BlockSec who alerted the issue, the ETH PoS experienced a replay exploit which led to the loss of 200 Ether PoW (ETHW). 

🔥Reach more than 5 000 000 real investors via Twitter influencer marketing! 🔥

Based on the analysis, the perpetrator replayed a call data message on the ETH PoW after he initially input the same message on the PoS. In a Twitter thread, BlockSec affirmed that “the exploiter (0x82fae) first transferred 200 WETH through the Omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got an extra 200 ETHW.”

Trying to proffer an explanation for the cause of the exploit, the security company declared that it was only a matter of improper verification.

The bridge had incorrectly verified the chain ID of the cross-chain message. The developer team mentioned that it had tried to connect with Omni Bridge to inform them of the impending risks of not accurately verifying chain IDs.

The team said “We have contacted the bridge in every way and informed them of the risks. Bridges need to correctly verify the actual ChainID of the cross-chain messages.” Up till the time of this writing, no response has been received from Omni Bridge. 

No Damage to The ETHW Blockchain

As a matter of fact, the developer team has issued a statement assuring the public that its ETHW blockchain was not affected. The exploitation only took its toll on the bridge exploiting its contract vulnerability.

Inversely, a chain level exploit is not possible because “ETHW itself has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, which ETHW Core’s security engineers have planned in advance,” the ETH PoW blockchain developer team wrote in a Medium post.

Consequently, a few hours after the attack, the price of ETHW plummeted by 12% according to blockchain security company PerkShield. In the last 24 hours, it has experienced a total of almost 18% fall.

🔥Reach more than 5 000 000 real investors via Twitter influencer marketing! 🔥