Attackers struck the post-merge Ethereum Proof-of-Work chain (ETHW) over the weekend, exploiting a cross-chain bridge contract deployed on it. The ETHW team, however, disputed the way the attack was characterised.
ETHW Annuls Replay Attack Claims
BlockSec, a smart contract auditing firm, flagged what looked like a replay attack on September 16. The attackers obtained ETHW tokens by taking the calldata of a transaction from the Ethereum PoS chain and replaying it on the PoW chain.
BlockSec traced the root cause to the Omni cross-chain bridge deployed on ETHW. According to the firm, the bridge still carried the chain ID of the original chain, which no longer matched the forked chain, so it could not check that incoming messages were actually intended for the chain it was running on.
Ethereum mainnet and its test networks use two separate identifiers that serve distinct functions: a network ID and a chain ID.
The network ID is used in peer-to-peer messages exchanged between nodes, while the chain ID is used when verifying transaction signatures.
EIP-155 introduced the chain ID to prevent transactions from being replayed between the Ethereum (ETH) and Ethereum Classic (ETC) chains.
1/ Alert | BlockSec detected that exploiters are replaying the message (calldata) of the PoS chain on @EthereumPow. The root cause of the exploitation is that the bridge doesn't correctly verify the actual chainid (which is maintained by itself) of the cross-chain message.
— BlockSec (@BlockSecTeam) September 18, 2022
As soon as BlockSec discovered the attack, it informed the Ethereum PoW team. The team, however, rejected the claim that the chain itself had been attacked, saying the incident was a calldata replay against a specific contract rather than a transaction replay at the chain level.
It added that it had tried to notify Omni Bridge that the exploit lay in the bridge's own contract.
Had tried every way to contact Omni Bridge yesterday.
Bridges need to correctly verify the actual ChainID of the cross-chain messages.
Again, this is not a transaction replay at the chain level; it is a calldata replay due to a flaw in the specific contract. https://t.co/bHbYR4b2AW pic.twitter.com/NZDn61cslJ
— EthereumPoW (ETHW) Official #ETHW #ETHPoW (@EthereumPoW) September 18, 2022
Report Of The Attack
According to the report, the attacker first moved 200 ETH PoW tokens to an unknown wallet through the Omni Bridge belonging to the Gnosis chain. They then replayed the message on the ETH PoS chain and obtained another 200 ETHW tokens.
Eventually, they drained the bridge's balance on the PoW chain entirely. An examination of the Omni Bridge showed that a method for checking the chain ID was present, but the chainID it compared against was read from the contract's own storage, where the pre-fork value was still held.
Developers later confirmed that this stored value differed from the chain ID returned by the CHAINID opcode. EIP-1344 defined that opcode, and the fork that followed the Merge gave the PoW chain a new chain ID, which the opcode reports but the stored value did not.
Because the bridge relied on the old ID, the attacker obtained not only ETHW but other assets on the network as well, and subsequently sold the tokens on legitimate platforms.
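The flaw described above, and the EIP-155 chain-ID check mentioned earlier, come down to one design decision in a bridge contract: where the "current chain ID" that each cross-chain message is compared against comes from. The following Solidity is an added illustration written for this article; it is not the Omni Bridge's or ETHW's code, and the contract names, the Message layout and the executeMessage and Released identifiers are hypothetical. It shows a weak receiver that snapshots the chain ID into storage at deployment (the pattern the report describes) next to a hardened one that reads the CHAINID opcode on every call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the Omni Bridge's or ETHW's code: a minimal receiver for
// cross-chain messages that binds every message to a destination chain id.
// Names (ChainBoundReceiver, Message, executeMessage, Released) are hypothetical.
abstract contract ChainBoundReceiver {
    // Hypothetical message layout. destinationChainId is the chain the sender
    // meant the message for; the relayer supplies the whole struct as calldata.
    struct Message {
        uint256 destinationChainId;
        address recipient;
        uint256 amount;
        uint256 nonce;
    }

    // Per-message replay guard for this deployment.
    mapping(bytes32 => bool) public executed;

    event Released(address indexed recipient, uint256 amount, uint256 nonce);

    // The two variants below differ only in where this value comes from.
    function _currentChainId() internal view virtual returns (uint256);

    // Validator-signature checks are omitted; only the chain binding is shown.
    function executeMessage(Message calldata m) external {
        bytes32 id = keccak256(abi.encode(m));
        require(!executed[id], "message already executed");
        require(m.destinationChainId == _currentChainId(), "message is for another chain");
        executed[id] = true;
        emit Released(m.recipient, m.amount, m.nonce);
    }
}

// Weak pattern: the chain id is captured once, at deployment, and kept in
// storage. A fork copies contract storage, so the forked deployment keeps
// reporting the original chain's id and accepts messages built for it.
contract ReceiverWithStoredChainId is ChainBoundReceiver {
    uint256 public storedChainId;

    constructor() {
        storedChainId = block.chainid; // frozen here; survives a fork unchanged
    }

    function _currentChainId() internal view override returns (uint256) {
        return storedChainId;
    }
}

// Hardened pattern: read the CHAINID opcode (EIP-1344) on every call.
// On the forked chain this returns the fork's own id, so a message whose
// destinationChainId names the original chain is rejected there.
contract ReceiverWithLiveChainId is ChainBoundReceiver {
    function _currentChainId() internal view override returns (uint256) {
        return block.chainid;
    }
}
```

The executed mapping alone does not help after a fork: storage is copied at the fork point, so a message first executed on the original chain after the fork is unknown to the forked deployment and would pass the replay guard. Only the comparison against the live chain ID rejects it, which is why a bridge should read block.chainid (or reject deployments whose stored ID disagrees with it) rather than trust a value written before the fork.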
Cointelegraph met with BlockSec to determine the amount of assets stolen in the heist.
The Ethereum PoW chain exists only because some miners decided to keep mining after Ethereum itself completed its transition from Proof-of-Work to Proof-of-Stake. This attack on the PoW chain therefore has little bearing on its PoS counterpart.
It is worth noting that the merge reduced Ethereum’s total supply.
According to CoinMarketCap, ETHW was trading at $8.16 at press time.