Views: 4
Read Time:1 Minute, 36 Second

It is barely a week since the Ethereum Proof-of-Work (PoW), or known as the ETHW token, went live, and it has become the target of cybercriminals.

According to an alert shared by blockchain security firm, BlockSec, the ETHW protocol suffered a replay attack with the hacker carting away 200 ETHW tokens. 

Help with my assignment!

Taking to Twitter, BlockSec said:

“The exploiter (0x82fae) first transferred 200 wETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW.”

As detailed by BlockSec, the attack occurred in part because the gnosis bridge didn’t correctly verify the chain ID of the cross-chain message. Despite the clear observation from BlockSec, the core developers behind the ETHW protocols said the attack did not originate from the ETHW blockchain and only affected the bridge instead. 

“ETHW itself has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, which ETHW Core’s security engineers have planned in advance,” the ETHW Core developers wrote in a Medium post.

The developers said in the note that they have been making attempts to reach the Omni team in a bid to alert them of the exploit. 

“We have contacted the bridge in every way and informed them of the risks,” it said, adding that “Bridges need to correctly verify the actual ChainID of the cross-chain messages.”

The ETHW protocol was forked from the mainnet when Ethereum transitioned from the Proof-of-Work to the Proof-of-Stake (PoS) protocol. The PoS Ethereum was long in the making, and its success will allegedly make the Ethereum network expend 99% less energy through the employment of validation consensus models. 

The ETHW protocol has not launched on major exchanges, but its token IOU has gone live on top exchanges, including FTX, MEXC Global, and Bybit as reported earlier by Blockchain.News.

Image source: Shutterstock

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%

Leave a Reply

Your email address will not be published.