After a week of existence, the new blockchain Ethereum PoW (ETHW) has seen one of its applications suffer its first hack. The choice of the majority of the ecosystem to focus only on Ethereum (ETH) could then lead the applications of Ethereum PoW to die slowly.
A first hack occurs on an Ethereum PoW application
Following the Ethereum (ETH) Merge, a persistent chain named Ethereum PoW (ETHW) remained, gathering the few miners wishing to keep the proof-of-work consensus alive. With the majority of the ecosystem trusting the new Ethereum update, the viability of the PoW version is uncertain to say the least.
After a few days of existence, the first problems have started to appear. If on the side of the blockchain itself, everything seems to work as it should, it is not the case of all applications, and more particularly of OmniBridge. This platform allows communication with the Gnosis Chain and an error in the bridge’s smart contract allowed the attacker to execute actions on both the Ethereum blockchain and the PoW version.
This would come from the fact that OmniBridge uses the Ethereum Chain ID instead of the Ethereum PoW one on the proof-of-work chain. In simple terms, a Chain ID can be seen as the identity number of a blockchain. This malfunction allowed the attacker to empty the ETHW on the Ethereum PoW OmniBridge smart contract.
The course of the exploitation of the flaw
The attacker initially deposited ETHs in the OmniBridge smart contract on the Ethereum blockchain. He then removed them. In parallel, the Chain ID problem on OmniBridge of Ethereum PoW allowed the attacker to use a command, to receive an equivalent amount of ETHW on this network.
Normally, a series of updates on Ethereum, which is called Ethereum Improvement Proposal (EIP), should have prevented this type of attack. But the OmniBridge code would use an old version of the Solidity language. The hard fork that led to the birth of Ethereum PoW would have allowed these flaws to be revealed.
The loot of the operation is not significant in itself, the analysis of the transactions of the attacker shows that he returned 741 ETHW on the exchange platform MEXC. This brings the amount at the time of the incident to a value of $8-10,000 at most.
However, it is likely that similar problems are present in other applications and would allow other attackers to recover ETHW and sell them on centralized platforms.
Interacting with Ethereum PoW
For those who had ETH on the Ethereum network at the time of the Merge, they perceived an equivalent amount of ETHW on Ethereum PoW. The teams of the new network have indicated the information to be filled in to configure its wallet, to use it.
According to CoinGecko, the following platforms have already listed ETHW:
However, we remind you that you should remain vigilant about scam attempts on this occasion.