Smart Contract Hack: Ethereum’s PoW Fork (ETHW) Gets Hacked

by BlockNews Team
September 21, 2022
in Crypto, Media, Social, Technology

The Ethereum Proof of Work (PoW) chain, ETHW, has been scrambling to quell claims that an on-chain replay attack hit it over the weekend. The Ethereum PoW fork is already off to a negative start, and the smart contract hack has triggered a collapse in prices. A blockchain security firm, BlockSec, alerted ETHW users to a replay attack on the network.

1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.

— BlockSec (@BlockSecTeam) September 18, 2022
Via @BlockSecTeam – Twitter

According to BlockSec, the replay attack occurred on September 16th. In this attack, the attackers obtained ETHW tokens by replaying call data from Ethereum’s Proof of Stake (PoS) chain on the Ethereum PoW fork chain. Replay attacks are common when cryptocurrencies exist as similar assets on separate blockchains, and they are common in hard forks.

BlockSec says that the root cause of the exploit was the ETHW chain’s Omni cross-chain bridge. The bridge was using old Chain IDs and was not correctly validating the Chain ID of cross-chain messages. The Ethereum Mainnet and Testnet use two identifiers for different purposes: a Network ID and a Chain ID. Peer-to-peer messages between nodes use Network IDs, while transaction signing uses Chain IDs. EIP-155 introduced the Chain ID to prevent replay attacks between the ETH and Ethereum Classic (ETC) blockchains.

Events Leading to the ETHW Hack

By replaying similar transaction messages on Ethereum PoW, the hacker transferred 200 wrapped Ethereum ($260,000) using the Omni bridge. OmniBridge is built on the Gnosis network, which is built on the Ethereum network.

The hacker aimed to receive 200 ETHW from the web and a copy of the OmniBridge smart contract. Almost 40 minutes after the exploit happened, the ETHW market plummeted from $8 to $5. It is unclear if the attacker cashed out the 200 ETHW stolen in the attack. How could the attack be possible if cryptocurrency is secure?

Had tried every way to contact Omni Bridge yesterday.

Bridges need to correctly verify the actual ChainID of the cross-chain messages.

Again this is not a transaction replay on the chain level, it is a calldata replay due to the flaw of the specific contract. https://t.co/bHbYR4b2AW pic.twitter.com/NZDn61cslJ

— EthereumPoW (ETHW) Official (@EthereumPoW) September 18, 2022
Via @BlockSecTeam – Twitter

According to Gnosis co-founder Martin Koppelmann, the attack was possible because OmniBridge, which is on the PoW chain, continues to accept transactions pointing to the Chain ID of the Proof of Stake Ethereum blockchain.

A Chain ID is a variable that serves as a unique identifier for various blockchain networks. PoW forks use different Chain IDs to separate actions between the two networks. Because the bridge accepts the PoS Chain ID, the balance of the contract deployed on the PoW chain depletes.
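The flaw described above, modelled as an added example (not code from OmniBridge, BlockSec or this article). The `Bridge` and `Message` classes, the message fields and the fork's chain ID value are assumptions made for the model; it compares a bridge that checks a chain ID cached in its own storage with one that checks the chain it is actually running on.

```python
import copy
from dataclasses import dataclass, field

POS_CHAIN_ID = 1        # Ethereum mainnet
FORK_CHAIN_ID = 10001   # assumed chain ID for the PoW fork in this model

@dataclass(frozen=True)
class Message:                      # hypothetical cross-chain message
    msg_id: str
    dest_chain_id: int              # chain the message was issued for
    recipient: str
    amount: int

@dataclass
class Bridge:
    actual_chain_id: int            # what the running chain reports
    stored_chain_id: int            # value cached in contract storage
    check_actual: bool = False      # False = flawed check, True = hardened
    balance: int = 1000
    executed: set = field(default_factory=set)

    def execute(self, msg: Message) -> bool:
        expected = self.actual_chain_id if self.check_actual else self.stored_chain_id
        if msg.dest_chain_id != expected:
            return False            # message belongs to another chain
        if msg.msg_id in self.executed or msg.amount > self.balance:
            return False            # same-chain replay or insufficient funds
        self.executed.add(msg.msg_id)
        self.balance -= msg.amount
        return True

def fork(bridge: Bridge, new_chain_id: int, check_actual: bool) -> Bridge:
    # A fork copies contract storage verbatim; only the chain's own ID changes.
    clone = copy.deepcopy(bridge)
    clone.actual_chain_id = new_chain_id
    clone.check_actual = check_actual
    return clone

def demo() -> dict:
    pos = Bridge(POS_CHAIN_ID, POS_CHAIN_ID)
    flawed = fork(pos, FORK_CHAIN_ID, check_actual=False)
    hardened = fork(pos, FORK_CHAIN_ID, check_actual=True)
    msg = Message("msg-0001", POS_CHAIN_ID, "0xRECIPIENT", 200)  # constructed sample
    return {
        "pos": pos.execute(msg),
        "flawed_fork": flawed.execute(msg),
        "hardened_fork": hardened.execute(msg),
        "flawed_balance": flawed.balance,
        "hardened_balance": hardened.balance,
    }
```

The per-message `executed` set does not help across the fork, because the message was first executed on the PoS chain after the state was copied; only the comparison against the running chain's ID rejects it.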

Ahead of the fork, security researchers had warned users that such attacks against ETHW could occur. Gnosis co-founder Martin Koppelmann later said that both Gnosis and Ethereum were utterly unaffected.

Detecting and Preventing Ethereum Blockchain Smart Contract Reentrancy Attacks

Smart contracts are immutable, public, and distributed on the Ethereum blockchain. However, vulnerabilities can occur due to the developer’s programming. Between 2016 and 2018, seven cybersecurity incidents related to Ethereum smart contracts resulted in economic losses of over $289 million. Reentrancy vulnerabilities were at the root of two of these incidents.

The impact far exceeded the financial loss. Several reentrancy countermeasures are available based on defined patterns. These patterns help to prevent the exploitation of vulnerabilities before deploying smart contracts. Some current protective methods include:

  • Smart Contracts Vulnerabilities Detection Tools
  • SmartCheck
  • Remix
  • Oyente
  • Mythril
  • Security
  • F* Framework
  • Security Based on Programming Languages
  • Security Based on the Development of Smart Contracts

Developers should make sure to put security first. Just as the Ethereum Merge occurred in stages, crypto network upgrades should also roll out in stages. This prevents any possibility of losing millions.
