BlockNews.com
  • Crypto
  • NFT
  • Metaverse
  • DeFi
  • Business
  • Technology
  • Opinion
  • Guides
No Result
View All Result
SUBSCRIBE
BlockNews.com
  • Crypto
  • NFT
  • Metaverse
  • DeFi
  • Business
  • Technology
  • Opinion
  • Guides
No Result
View All Result
BlockNews.com
No Result
View All Result
Home Crypto

Smart Contract Hack: Ethereum’s PoW Fork (ETWH) Gets Hacked

BlockNews Team by BlockNews Team
September 21, 2022
in Crypto, Media, Social, Technology
Reading Time: 4 mins read
A A
Eth-Logo
1
SHARES
20
VIEWS
Share on TwitterShare on Reddit

The Ethereum Proof of Work (PoW) Chain, ETHW, has been scrambling to quell the claims that an on-chain replay attack hit it over the weekend. The Ethereum PoW fork is already off to a negative start. The smart contracts hack has triggered a collapse in prices. A blockchain security firm, BlockSec, alerted ETHW users of a replay attack in the network.

You might also like

Around The Block – MAR 24 Week in News

Web3 Needs its ‘WordPress Moment’ to Speed up Positive Disruption

UK to Mandate Declaration of Crypto Holdings in Tax Forms

1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.

— BlockSec (@BlockSecTeam) September 18, 2022
Via @BlockSecTeam – Twitter

According to BlockSec, the replay attack occurred on September 16th. In this attack, the attackers obtained ETHW tokens by replaying Ethereum’s Proof of Stake (PoS) chain call data on the Ethereum fork PoW chain. Replay attacks are common when cryptocurrencies exist as a similar asset yet exist as separate blockchains. They are common in hard forks.

BlockSec, says that the root cause of the exploit was ETHW chain’s Omni cross-chain bridge. The bridge was using old ChainIDs and not correctly validating the correct ChainID for cross-chain messages. The Ethereum Mainnet and Testnet use two identifiers for different purposes: a Network ID and a Chain ID. Peer-to-peer messages between nodes use Network IDs, while transaction signing uses Chain IDs. EIP-155 introduced Chain ID to prevent replay attacks between ETH and Ethereum Classic (ETC) blockchains.

Events Leading to the ETWH Hack

By replaying similar transaction messages on Ethereum PoW, the hacker transferred 200 wrapped Ethereum ($260,000) using Omni bridge. OmniBridge is built on the Gnosis network, which is built on Ethereum Network. 

The hacker aimed to receive 200 ETHW from the web and a copy of the OmniBridge smart contract. Almost 40 minutes after the exploit happened, the ETHW market plummeted from $8 to $5. It is unclear if the attacker cashed out the 200 ETHW stolen in the attack. How could the attack be possible, yet cryptocurrency is secure?

Had tried every way to contact Omni Bridge yesterday.

Bridges need to correctly verify the actual ChainID of the cross-chain messages.

Again this is not a transaction replay on the chain level, it is a calldata replay due to the flaw of the specific contract. https://t.co/bHbYR4b2AW pic.twitter.com/NZDn61cslJ

— EthereumPoW (ETHW) Official #ETHW #ETHPoW (@EthereumPoW) September 18, 2022
Via @BlockSecTeam – Twitter

According to Gnosis Co-founder Martin Koppelman, the attack was possible because OmniBridge, which is on the PoW chain, continues to accept transactions pointing to the Chain ID of the Proof of Stake Ethereum blockchain. 

This creates a variable that serves as a unique identifier for various blockchain networks. PoW forks use different ChainIDs to separate actions between the two networks. Because of this, the balance of the chain contract deployed on the PoW chain depletes.

Security researchers had warned users that such attacks against ETHW could occur in preparation for the fork. Gnosis co-founder Martin Koppelmann later said that both Gnosis and Ethereum were utterly unaffected.  

Detecting and Preventing Ethereum Blockchain Smart Contract Reentrancy Attacks

Smart contracts are immutable, public, and distributed on the Ethereum blockchain. However, vulnerabilities can occur due to the developer’s programming. Between 2016 and 2018, seven cybersecurity incidents related to Ethereum smart contracts resulted in economic losses of over $289 million. Reentrancy vulnerabilities were at the root of two of these incidents.

The impact far exceeded the financial loss. Several reentrancy countermeasures are available based on defined patterns. These patterns help to prevent the exploitation of vulnerabilities before deploying smart contracts. Some current protective methods include;

  •     Smart Contracts Vulnerabilities Detection Tools
  •     SmartCheck
  •     Remix
  •     Oyente
  •     Mythril
  •     Security
  •     F* Framework
  •     Security Based on Programming Languages
  •     Security Based on the Development of Smart Contracts

Developers should make sure to put security first. Just as the Ethereum Merge occurred in stages, crypto network upgrades too should appear in stages. This prevents any possibility of losing millions.

Tags: BlockchaincryptoethereumWeb3
TweetShareShare

Recommended For You

Around The Block – MAR 24 Week in News

by BlockNews Team
March 24, 2023
0
Around the Block

Introduction In this recap of the crypto world, we will explore the events and news that had the most significant impact in the past week of March 20th....

Read more

Web3 Needs its ‘WordPress Moment’ to Speed up Positive Disruption

by BlockNews Team
March 24, 2023
0
quicknode

QuickNode is leading the charge as Web3 is poised to revolutionize the world, but it needs its "WordPress moment" to accelerate positive disruption. Blockchain technology can upend manual-intensive...

Read more

UK to Mandate Declaration of Crypto Holdings in Tax Forms

by BlockNews Team
March 24, 2023
0
parliment

The government hopes to close regulatory gaps and stop illegal operations by enacting rules that address various parts of the industry. The requirement to disclose cryptocurrency holdings in...

Read more

The Fed Increases Interest Rates By 25 Basis Points- Impact On Crypto Prices

by BlockNews Team
March 24, 2023
0
The Fed Increases Interest Rates By 25 Basis Points- Impact On Crypto Prices

Crypto prices display rapid fluctuations as the U.S. Federal Reserve hikes interest rates by 0.25%. Investors remain upbeat about the medium-term outlook of Bitcoin and the wider crypto...

Read more

Telegram Enables USDT Stablecoin Payments on the Tron Network

by BlockNews Team
March 24, 2023
0
Telegram

Telegram integrates USDT-TRON (TRC20) into its platform, allowing users to send the stablecoin to their contacts seamlessly and without transaction fees. Telegram's venture into cryptocurrencies began with the...

Read more
Next Post
Bitcoin

Bitcoin Falls To $18,000 Ahead of FOMC Meeting - What Next For BTC?

Related News

Harmony’s Native Token, ONE, Drops Nearly 10% after Bridge Hack

Harmony’s Native Token, ONE, Drops Nearly 10% after Bridge Hack

June 24, 2022
CoinSwitch-India

India’s Financial Authority Searches Crypto Exchange CoinSwitch Kuber

September 3, 2022
Eth-Logo

The Merge Is Here, Ethereum Is Officially A Proof Of Stake Blockchain

September 15, 2022

Browse by Category

  • Breaking News
  • Business
  • Crypto
  • DeFi
  • Finance
  • Gaming
  • Guides
  • Investing
  • Media
  • Metaverse
  • NFT
  • Opinion
  • Politics
  • Social
  • Technology
  • Uncategorized
BlockNews.com

BlockNews.com brings you the most important Crypto and NFT news in the space.

CATEGORIES

  • Breaking News
  • Business
  • Crypto
  • DeFi
  • Finance
  • Gaming
  • Guides
  • Investing
  • Media
  • Metaverse
  • NFT
  • Opinion
  • Politics
  • Social
  • Technology
  • Uncategorized

RECENT POSTS

  • Around The Block – MAR 24 Week in News March 24, 2023
  • Web3 Needs its ‘WordPress Moment’ to Speed up Positive Disruption March 24, 2023
  • UK to Mandate Declaration of Crypto Holdings in Tax Forms March 24, 2023

© 2022 BlockNews.com - Crypto and NFT news website by JRNY Club.

No Result
View All Result
  • Home
  • Crypto
  • NFT
  • Metaverse
  • DeFi
  • Business
  • Technology
  • Opinion
  • Guides

© 2022 BlockNews.com - Crypto and NFT news website by JRNY Club.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?