BlockSec identifies ETHPoW token replay attacks
An attacker obtained an additional 200 ETHW tokens by replaying a message from the proof-of-stake chain on the Ethereum proof-of-work blockchain, according to a cybersecurity company that reported the bug on Sunday.
“The exploiter (0x82fae) first transmitted 200 WETH across the omni bridge of the Gnosis chain, and then replayed the identical message on the PoW chain to get a further 200 ETHW,” the security firm BlockSec tweeted. According to the firm, the attack was possible because the bridge failed to check the chain ID of the cross-chain message.
The ETHPoW blockchain development team said that the attack exploited a vulnerability in the bridge's contract rather than in their network.
The ETHW Core developers noted in a Medium article, “ETHW itself has implemented EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, as predicted in advance by ETHW Core’s security experts.”
Since Saturday, the development team has been attempting to contact Omni Bridge to alert them to the risks. The company did not immediately respond to a request for comment.
“We have contacted the bridge in every manner possible and notified them of the hazards,” the team said. “Bridges must validate the true ChainID of cross-chain communications,” they added.
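The check the developers call for can be sketched in a few lines. This is an added illustration, not code from Omni Bridge, BlockSec or ETHW Core; the message fields, the chain IDs and the HMAC standing in for validator signatures are constructed assumptions.

```python
import hashlib
import hmac

VALIDATOR_KEY = b"constructed-demo-key"   # stand-in for the bridge validators' signing key
ORIGINAL_CHAIN, FORKED_CHAIN = 1, 2       # constructed chain IDs for the demo


def sign(msg: dict, bind_chain: bool) -> bytes:
    """Validator approval over the message; the hardened form covers dest_chain_id."""
    fields = [msg["recipient"], str(msg["amount"]), msg["nonce"]]
    if bind_chain:
        fields.append(str(msg["dest_chain_id"]))
    return hmac.new(VALIDATOR_KEY, "|".join(fields).encode(), hashlib.sha256).digest()


class Bridge:
    """One deployment of the bridge contract; a fork yields a copy on each chain."""

    def __init__(self, chain_id: int, check_chain_id: bool):
        self.chain_id = chain_id            # chain ID as seen by the running contract
        self.check_chain_id = check_chain_id
        self.processed = set()              # per-chain replay protection only

    def execute(self, msg: dict, sig: bytes) -> bool:
        if self.check_chain_id and msg["dest_chain_id"] != self.chain_id:
            return False                    # message was approved for another chain
        if not hmac.compare_digest(sign(msg, self.check_chain_id), sig):
            return False                    # approval missing or fields altered
        if msg["nonce"] in self.processed:
            return False                    # same-chain replay
        self.processed.add(msg["nonce"])
        return True


def replay_outcomes(check_chain_id: bool) -> tuple:
    """Submit one approved message to both deployments; return (original, fork) results."""
    msg = {"recipient": "0xRECIPIENT", "amount": 200, "nonce": "msg-1",
           "dest_chain_id": ORIGINAL_CHAIN}
    sig = sign(msg, check_chain_id)
    original = Bridge(ORIGINAL_CHAIN, check_chain_id)
    fork = Bridge(FORKED_CHAIN, check_chain_id)
    return original.execute(msg, sig), fork.execute(msg, sig)


if __name__ == "__main__":
    print("no chain ID check:", replay_outcomes(False))
    print("chain ID bound and checked:", replay_outcomes(True))
```

The per-chain nonce set does not help across a fork, because each chain keeps its own copy of the contract state; only binding the chain ID into the approved message and comparing it with the chain the contract is running on rejects the second submission.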
The ETHPoW fork of the proof-of-work Ethereum network went live this week, after The Merge. According to data from TradingView, the token has fallen by more than 35% since the vulnerability was revealed on Sunday morning.