ETHPoW (ETHW), the emerging proof-of-work fork of Ethereum, has seen its first notable smart contract hack. It is the first such event since the network split at the end of the previous week. BlockSec, a provider of blockchain security infrastructure, promptly reported the exploit to users on Sunday.
It disclosed that the 'replay attack' was carried out by leveraging legitimate transfers on Ethereum's proof-of-stake blockchain, together with Gnosis (a DeFi application) and OmniBridge (a multi-token extension). Replay attacks can take place when crypto assets such as wrapped ether (WETH) and ETHW are treated as one asset, although they technically exist on entirely different blockchains.
First Smart Contract Exploit Takes Place on PoW Fork of Ethereum
On the previous Thursday, Ethereum made a major transition from its former PoW consensus mechanism to the newer PoS mechanism. The event officially abandoned Ethereum miners in favor of centralized validators, who stake their crypto holdings within the network to gain the ability to process transfers.
In this scenario, in an attempt to keep mining Ethereum tokens, Ethereum participants moved to support a PoW fork, ETHW, to handle smart contracts, NFTs, and ether on protocols such as OmniBridge and Gnosis. BlockSec said that the exploit did not look like a replay attack at the chain level; instead, it resulted from a vulnerability in the smart contract.
This indicates that none of the ETHW, Ethereum, or Gnosis networks was hacked; the funds were paid out mistakenly by OmniBridge's smart contract on the PoW fork. First, the attacker sent 200 wrapped ether (WETH) through OmniBridge (a protocol on the Ethereum blockchain) to the Gnosis network. The strategy of the hack was to replay that same transfer on Ethereum's PoW fork to obtain 200 ETHW from the copy of the OmniBridge smart contract on that network.
Security Researchers Caution That More Such Hacks Could Follow
ETHW markets lost 40% following the exploit. It is unclear whether the exploiter cashed out the exploited amount. The exploit worked because the OmniBridge contract on the PoW chain still accepts transfers that reference the chainID of Ethereum's proof-of-stake blockchain (a chainID is a variable that serves as a unique identifier for different blockchain networks). The PoW fork, by contrast, uses a separate chainID to distinguish between the two networks.
As a direct result, the chain contract's overall balance would have been drained. Information security researchers believe that exploits of this type may occur on ETHW again in the not-too-distant future. Martin Köppelmann, the co-founder of Gnosis, assured users in a Twitter post that Ethereum and Gnosis were not affected by the exploit.
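The chainID check described above can be modelled in a few lines. This is an added example, not OmniBridge's code or BlockSec's analysis: the class and function names are hypothetical, the chain ID values and balances are supplied for illustration, and the idea that the contract compares against an ID stored at deployment is an assumption about how a forked copy could keep accepting the original chain's ID.

```python
from dataclasses import dataclass, field

# Chain IDs are supplied for this example; the article does not state them.
ETH_POS_CHAIN_ID = 1
ETHW_CHAIN_ID = 10001


@dataclass(frozen=True)
class BridgeMessage:
    message_id: str
    chain_id: int      # chain the message was approved for
    recipient: str
    amount: int


@dataclass
class BridgeCopy:
    """Hypothetical model of one deployed copy of a bridge contract."""
    live_chain_id: int       # chain this copy actually executes on
    stored_chain_id: int     # value written to storage at deployment (assumption)
    balance: int
    check_live_chain_id: bool
    processed: set = field(default_factory=set)

    def release(self, msg: BridgeMessage) -> bool:
        if msg.message_id in self.processed:
            return False     # blocks replays on the same chain only
        expected = self.live_chain_id if self.check_live_chain_id else self.stored_chain_id
        if msg.chain_id != expected or msg.amount > self.balance:
            return False
        self.processed.add(msg.message_id)
        self.balance -= msg.amount
        return True


def replay_on_fork(check_live_chain_id: bool):
    """Send one approved message to the original copy, then to the fork's copy."""
    msg = BridgeMessage("constructed-msg-1", ETH_POS_CHAIN_ID, "0xRecipient", 200)
    # A fork copies contract storage, so both copies hold the same stored_chain_id.
    original = BridgeCopy(ETH_POS_CHAIN_ID, ETH_POS_CHAIN_ID, 1000, check_live_chain_id)
    forked = BridgeCopy(ETHW_CHAIN_ID, ETH_POS_CHAIN_ID, 1000, check_live_chain_id)
    return original.release(msg), forked.release(msg), forked.balance


if __name__ == "__main__":
    print("stored-ID check:", replay_on_fork(False))   # fork copy pays out too
    print("live-ID check:  ", replay_on_fork(True))    # fork copy rejects
```

The per-chain `processed` set does not help here, because the fork's copy has never seen the message; only the comparison against the chain the contract is actually running on rejects it.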