BlockSec detects a replay exploit using ETHPoW tokens

Last Updated on September 19, 2022 by Bitfinsider

According to a cybersecurity firm that flagged the issue on Sunday, the Ethereum proof-of-work blockchain suffered a replay exploit in which the attacker received an additional 200 ETHW tokens by replaying a message from the proof-of-stake chain on ETHPoW.

“The exploiter (0x82fae) first transferred 200 WETH through the Gnosis chain’s omni bridge, then replayed the same message on the PoW chain and received an additional 200 ETHW,” security firm BlockSec said on Twitter. According to the company, the attack occurred because the bridge failed to correctly verify the chain ID of the cross-chain message.

The ETHPoW blockchain developer team stated that the attack exploited a vulnerability in the bridge's contract rather than in the blockchain itself.

“ETHW has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, which ETHW Core’s security engineers have planned ahead of time,” the ETHW Core developers wrote in a Medium post.

The developer team also stated that it had been attempting to contact Omni Bridge since Saturday in order to inform them of the risks. Omni Bridge did not respond immediately to a request for comment.

“We have contacted the bridge in every way possible and informed them of the risks,” the statement said. “Bridges must correctly validate the actual ChainID of cross-chain messages.”
