According to BlockSec, which first discovered the attack, the exploit happened because the bridge did not correctly verify the actual chainID of the cross-chain message.
The exploiter first transferred 200 WETH through the Omnibridge of the Gnosis chain. Then, the same transaction was replayed on the PoW chain to get an extra 200 ETHW.
According to the blockchain security firm, the attacker could drain the balance of the contract on the PoW chain.
CertiK further stated that the exploiter has transferred the funds to MEXC.
ETH PoW team says the transaction replay was not on chain level
ETH PoW’s official Twitter account has acknowledged the attack, stating that it is not a transaction replay at the chain level. Instead, it is a calldata replay caused by a flaw in the contract.
The team said:
“(We) Had tried every way to contact Omni Bridge yesterday. Bridges need to correctly verify the actual ChainID of the cross-chain messages.”
Meanwhile, a chain-level replay attack is impossible on the ETHPoW chain because the network enforced EIP-155 before the hard fork. This means that transactions on the ETH proof-of-stake chain cannot be replayed on the PoW chain or vice versa.
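The difference between the two checks, as an added Python model that is not the Omnibridge contract or code from BlockSec or the ETHPoW team. The `Message` and `Bridge` names, the message fields and the amounts are hypothetical, and the model assumes validator signatures over the message have already been verified.

```python
import copy
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Message:                      # hypothetical cross-chain message layout
    dest_chain_id: int
    recipient: str
    amount: int
    nonce: int

    def msg_id(self) -> bytes:
        raw = f"{self.dest_chain_id}|{self.recipient}|{self.amount}|{self.nonce}"
        return hashlib.sha256(raw.encode()).digest()

@dataclass
class Bridge:                       # hypothetical model of a bridge contract's state
    stored_chain_id: int            # written once at deployment; a fork copies it as-is
    balance: int
    processed: set = field(default_factory=set)

    def execute(self, msg: Message, actual_chain_id: int, strict: bool) -> bool:
        # weak: trust the value held in contract storage
        # strict: compare against the ID of the chain actually executing the call
        expected = actual_chain_id if strict else self.stored_chain_id
        if msg.dest_chain_id != expected:
            return False
        if msg.msg_id() in self.processed or msg.amount > self.balance:
            return False
        self.processed.add(msg.msg_id())
        self.balance -= msg.amount
        return True

def simulate(strict: bool):
    """Return (accepted on original chain, accepted on forked chain)."""
    original = Bridge(stored_chain_id=1, balance=1000)     # constructed state
    forked = copy.deepcopy(original)                       # fork duplicates contract storage
    msg = Message(dest_chain_id=1, recipient="0xRecipient", amount=200, nonce=7)
    on_original = original.execute(msg, actual_chain_id=1, strict=strict)
    # Same message bytes submitted in a new transaction on the fork (chain ID 10001).
    # EIP-155 binds the transaction to a chain, not the calldata carried inside it.
    on_fork = forked.execute(msg, actual_chain_id=10001, strict=strict)
    return on_original, on_fork

if __name__ == "__main__":
    print("stored chain ID check:", simulate(strict=False))
    print("actual chain ID check:", simulate(strict=True))
```

The per-chain `processed` set does not help here, because the forked copy has never seen the message; only the comparison against the executing chain's own ID rejects it.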
However, the fact that the exploit did not happen at the chain level might not matter much. The PoW fork has been live for less than 72 hours, and experiencing an exploit this early could affect its potential for more adoption.
ETHW sheds 18%
According to Peckshield, ETHW shed 12% of its value on the back of the news.
In the last 24 hours, the ETHW token dropped by 17.8%. The token has seen its value massively decline by more than 80% within the last two weeks.