- On September 18, a vulnerability led to a replay attack on the Ethereum Proof-of-Work (PoW) network, in which a message from the Ethereum PoS chain was replayed.
- The exploit stems from the bridge's failure to properly check the actual chain ID of the cross-chain message, a value it keeps track of.
On September 18, the Ethereum Proof-of-Work (PoW) community was subjected to a replay attack in which exploiters replayed a message from the Ethereum PoS chain.
According to BlockSec, which discovered the attack first and described it in a thread, the underlying cause is that the bridge does not correctly verify the actual chain ID (which it keeps track of) of the cross-chain message.
The exploiter first transferred 200 WETH via the Gnosis chain’s Omnibridge. The same transaction was then repeated on the PoW chain to obtain an additional 200 ETHW.
The attack has been confirmed by the official ETH PoW Twitter account, which clarified that it isn’t a transaction replay on the chain level. Instead, it’s due to the name information replay brought on by a contract error.
“We had tried every method to get in touch with Omni Bridge yesterday. Bridges are required to precisely confirm the cross-chain messages’ ChainID.”
Meanwhile, because the community enforced EIP-155 before the hard fork, a chain-level replay attack is not feasible on the ETHPoW chain. This means that no transaction from the ETH proof-of-stake chain can be replayed on the PoW chain, or vice versa.
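A minimal Python model of the contract-level check described above, added here as an illustration and not taken from the bridge's code: the `Bridge` class, its fields and the message layout are assumptions, and signature checks are omitted. It shows that a chain ID cached in contract storage is copied unchanged by a fork, so the forked copy accepts the same message, while a check against the chain's live ID rejects it.

```python
from dataclasses import dataclass, field

# Public chain IDs of Ethereum mainnet (PoS) and ETHW; used here only as sample values.
POS_CHAIN_ID = 1
POW_CHAIN_ID = 10001


@dataclass(frozen=True)
class Message:
    msg_id: str          # constructed identifier, not a real message ID
    dest_chain_id: int   # chain the sender intended the message for
    amount: int


@dataclass
class Bridge:
    live_chain_id: int    # what the chain itself reports (the CHAINID opcode)
    stored_chain_id: int  # value written to storage at deployment
    check_live_id: bool   # False = weak check against the stored value
    executed: set = field(default_factory=set)

    def execute(self, msg: Message) -> bool:
        expected = self.live_chain_id if self.check_live_id else self.stored_chain_id
        if msg.dest_chain_id != expected:
            return False              # message was meant for another chain
        if msg.msg_id in self.executed:
            return False              # same-chain replay protection
        self.executed.add(msg.msg_id)
        return True


def fork(bridge: Bridge, new_chain_id: int) -> Bridge:
    """A hard fork copies contract storage verbatim; only the chain's own ID changes."""
    return Bridge(new_chain_id, bridge.stored_chain_id,
                  bridge.check_live_id, set(bridge.executed))


def replay_accepted(check_live_id: bool) -> bool:
    """Deliver one message on the original chain, then present it to the forked copy."""
    original = Bridge(POS_CHAIN_ID, POS_CHAIN_ID, check_live_id)
    forked = fork(original, POW_CHAIN_ID)            # fork precedes the transfer
    msg = Message("constructed-msg-1", POS_CHAIN_ID, 200)
    if not original.execute(msg):                    # legitimate delivery
        raise RuntimeError("legitimate delivery failed")
    return forked.execute(msg)                       # replay on the fork


if __name__ == "__main__":
    print("stored chain ID check, replay accepted:", replay_accepted(False))
    print("live chain ID check, replay accepted:  ", replay_accepted(True))
```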
The exploit not taking place at the chain level may not matter much, though. Since the PoW fork has only been operational for a little over 72 hours, an early exploit could have a negative impact on the fork’s potential for further acceptance.
The attack has stunned people, and some, like @MilancheP, are making fun of the Ethereum community, calling it a “Nice scam” and adding that the chain is pitiful because “developers” are dumping from the first listing. People continue to buy this and still think it’s a coin-and-chain.
Others like @wonderingsheng and @ForwardIsGood are concerned about replay attacks.
The value of ETHW has suffered as a result of this attack. The price of the ETHW coin decreased by 17.8% over the past day. Over the past two weeks, the token’s value has dramatically decreased by more than 80%.