A first hack took place on Ethereum PoW

Following the transition to “proof of stake” by the Ethereum blockchain last week, hackers are beginning to exploit the flaws linked to the transition.

While everything went according to plan in the first few days, Ethereum's transition, known as The Merge, did not go smoothly. After ether's fall below 1,400 dollars comes the time for hacks. Hackers have found a loophole by exploiting the ambiguity of the transition process, which consists of moving ether to a new market logic, reports an article from the Corner newspaper.

A problem on a bridge between 2 blockchains

Refusing to switch to “proof of stake” (PoS), some miners decided to launch a hard fork called Ethereum PoW (with its token ETHW) to keep the old “proof of work” (PoW) protocol. However, through the gateways that this creates, hackers succeeded in duplicating their transactions in both environments at the same time: the new and the old. BlockSec, a company specializing in blockchain security, raised the alert about the attack on Sunday after spotting an error in the smart contract of the “Omni Bridge”, which bridges the two blockchains.

“The exploiter (0x82fae) first transferred 200 WETH (so-called “wrapped” ETH, which are tokens that can be exchanged for ethers, editor’s note) via the Omni Bridge of the Gnosis chain, then replayed the same message on the PoW channel and got an additional 200 ETHW,” BlockSec tweeted. “The attack occurred because the bridge failed to properly check the ChainId for the cross-chain message’s chain ID.”

As a reminder, a blockchain that uses code similar to that of Ethereum has its own identifier, called ChainId. Concretely, the heart of the problem is that the protocol did not correctly check the ChainId during certain requests. The attacker thus exploited a vulnerability in the bridge, not in the EthereumPoW blockchain itself, its developers explained. “ETHW itself has applied the EIP-155 standard, and there is no replay attack from ETHPoS and to ETHPoS, which the security engineers of ETHW Core have planned in advance”, the ETHW Core developers wrote in a Medium post.
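The missing check can be shown with a simplified model, given here as an added example that is not the Omni Bridge contract or any project's code: a bridge that authenticates a cross-chain message but does not compare the message's destination chain ID with the chain it is running on will accept the same message on both sides of a fork. The `Bridge` and `Message` classes, the HMAC standing in for validator signatures, the message values and the chain IDs are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

VALIDATOR_KEY = b"constructed-demo-key"  # stand-in for the bridge validators' signing key

@dataclass(frozen=True)
class Message:
    msg_id: int
    dest_chain_id: int   # chain the validators approved this message for
    recipient: str
    amount: int

    def encode(self) -> bytes:
        return f"{self.msg_id}|{self.dest_chain_id}|{self.recipient}|{self.amount}".encode()

def sign(msg: Message) -> bytes:
    # HMAC replaces real validator signatures in this model
    return hmac.new(VALIDATOR_KEY, msg.encode(), hashlib.sha256).digest()

@dataclass
class Bridge:
    chain_id: int          # ID of the chain this bridge instance runs on
    check_chain_id: bool   # False models the flawed verification
    processed: set = field(default_factory=set)
    balances: dict = field(default_factory=dict)

    def execute(self, msg: Message, sig: bytes) -> bool:
        if not hmac.compare_digest(sig, sign(msg)):
            return False   # not approved by the validators
        if msg.msg_id in self.processed:
            return False   # replay on the same chain; this set is per-chain state
        if self.check_chain_id and msg.dest_chain_id != self.chain_id:
            return False   # approved for a different chain: reject
        self.processed.add(msg.msg_id)
        self.balances[msg.recipient] = self.balances.get(msg.recipient, 0) + msg.amount
        return True

def replay_across_fork(check_chain_id: bool) -> tuple:
    # Two bridge instances, one per side of the fork (sample chain IDs)
    pos = Bridge(chain_id=1, check_chain_id=check_chain_id)
    pow_fork = Bridge(chain_id=10001, check_chain_id=check_chain_id)
    msg = Message(msg_id=7, dest_chain_id=1, recipient="0xUSER", amount=200)  # constructed
    sig = sign(msg)
    return pos.execute(msg, sig), pow_fork.execute(msg, sig)

if __name__ == "__main__":
    print("without chain ID check:", replay_across_fork(False))
    print("with chain ID check:   ", replay_across_fork(True))
```

The per-chain `processed` set stops a replay on the same chain only; the comparison against the chain's own ID is what rejects the message on the fork.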

“The spoils of the operation are not substantial in themselves, the analysis of the transactions of the attacker shows that he returned 741 ETHW on the exchange platform MEXC. This brings the amount, at the time of the facts, at a value of 8 to 10,000 dollars at most”, underlines for its part the specialized media Cryptoast.

Ether Fall

Many observers note that the new “proof of stake” protocol on which Ethereum is based is less secure and creates more vulnerabilities than the old “proof of work” system, and that this is going to be complicated in the coming weeks, because this hard fork between the old and the new blockchain is not the only one. Others already exist, such as Ethereum Classic and Ethereum Fair, and still others will follow.

“As highlighted by BlockSec, this flaw is likely present on other DeFi protocols, which do not properly perform ChainId verification,” the article points out.

This first hack therefore multiplies the potential problems to come and also weighs on the face value of ether: in the space of a week, the price of the cryptocurrency has fallen by 20%. On Monday, it fell below the $1,400 threshold, under which it still remains despite a 4% rebound since Monday.

Antoine Larigaudrie edited by PA
