Ethereum PoW Fork Suffers its First Smart Contract Hack

The Ethereum PoW fork is off to a rocky start — one of the network’s smart contracts has endured a hack, triggering collapsing prices

article-image

Source: Shutterstock

share

key takeaways

  • An attacker has raided ETHW from a smart contract on the Ethereum proof-of-work fork
  • Cybersecurity researchers warn similar attacks could occur on other ETHW smart contracts

ETHPoW (ETHW), the fledgling proof-of-work (PoW) Ethereum fork, has seen its first significant smart contract hack since the network split late last week.

Blockchain security infrastructure firm BlockSec first alerted users of a so-called ‘replay attack’ on Sunday, which leveraged legitimate transactions on the proof-of-stake (PoS) Ethereum blockchain alongside DeFi application Gnosis and multi-token extension OmniBridge.

Replay attacks and exploits can occur when cryptocurrencies — in this case wrapped ether (WETH) and ETHW — are treated as the same asset, even though they technically exist on completely separate blockchains.

Ethereum transitioned its PoW-powered consensus model to PoS with a hard fork last Thursday. This formally ditched crypto miners in favor of collateralized validators, who, rather than run power-hungry GPU miners, stake crypto in the network for the right to process transactions.

In a bid to continue mining, some Ethereum participants opted to support a PoW fork in ETHW, a network which when deployed mirrored every single Ethereum-bound asset, including ether, NFTs and smart contracts underpinning protocols such as Gnosis and OmniBridge.

BlockSec told Blockworks the attack was not a replay exploit “on the chain level” but rather one resulting from a contract vulnerability. This means neither Gnosis nor the Ethereum and ETHW networks were hacked. Instead, the OmniBridge smart contract on the proof-of-work fork mistakenly paid out funds.

First, the exploiter transferred 200 wrapped ether (WETH), currently worth $260,000, through the Ethereum blockchain’s OmniBridge protocol to the Gnosis network. 

The hack consisted of replaying the same transaction message on the Ethereum PoW fork to receive 200 ETHW from that network’s copy of the OmniBridge smart contract.

ETHW markets tanked about 40% after word of the exploit first broke — from $8 to $5. It’s unclear whether the attacker cashed out the 200 ETHW stolen in the attack but it’s now worth about $1,000.

The attack was possible due to the OmniBridge on the PoW chain still accepting transactions that reference the proof-of-stake Ethereum blockchain’s “chainID,” a variable that serves as a unique identifier for different blockchain networks. The PoW fork uses a different chainID to help separate actions between the two networks.

“As a result, the balance of the chain contract deployed on the PoW chain would be drained,” BlockSec wrote. Security researchers warned such attacks could occur on ETHW in the leadup to the fork.

Gnosis co-founder Martin Koppelmann later tweeted to say that both Gnosis and Ethereum were in “no way affected.” 

“We do not support the (ETHW) chain and do not see us responsible for what is happening on that chain,” Koppelmann said. He said the attacker had spun up false bridge activity to drain funds on ETHW.

A suggestion to deactivate the bridge’s links to ETHW, effectively closing this particular security loophole, will be put forth to the governance team overseeing OmniBridge, he said. BlockSec warned in a blog that similar incidents could occur elsewhere across the ETHW network.

ETHW Core, the stewards of ETHW,  confirmed Sunday the attack involved a bridge contract vulnerability and had notified OmniBridge “in every way” to inform them of the risks but had yet to receive a response.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

    Upcoming Events

    Javits Center North | 445 11th Ave

    Tues - Thurs, March 18 - 20, 2025

    Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

    Brooklyn, NY

    TUES - THURS, JUNE 24 - 26, 2025

    Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

    recent research

    Research Report Templates.png

    Research

    An overview of the Base Ecosystem, with a focus on market leaders.

    article-image

    Stanford professors David Mazières and Dan Boneh will lead the lab alongside a cohort of graduate student researchers

    article-image

    With more companies holding BTC, bitcoin yielding strategies could become “a new corporate finance norm,” CoinShares posed

    article-image

    The proposal comes after Polygon governance considered a controversial use of bridged liquidity for yield

    article-image

    Can the community balance its decentralized ethos with the need for inclusivity and constructive debate?

    article-image

    DAWN is positioning itself as a decentralized protocol for gigabit-level internet access

    article-image

    VanEck Ventures and VanEck’s Digital Assets Alpha Fund invested $2.5 million in DAWN through a strategic funding round, the teams exclusively told Blockworks