Ethereum PoW Fork Suffers its First Smart Contract Hack

The Ethereum PoW fork is off to a rocky start — one of the network’s smart contracts has endured a hack, triggering collapsing prices


Source: Shutterstock


key takeaways

  • An attacker has raided ETHW from a smart contract on the Ethereum proof-of-work fork
  • Cybersecurity researchers warn similar attacks could occur on other ETHW smart contracts

ETHPoW (ETHW), the fledgling proof-of-work (PoW) Ethereum fork, has seen its first significant smart contract hack since the network split late last week.

Blockchain security infrastructure firm BlockSec first alerted users of a so-called ‘replay attack’ on Sunday, which leveraged legitimate transactions on the proof-of-stake (PoS) Ethereum blockchain alongside DeFi application Gnosis and multi-token extension OmniBridge.

Replay attacks and exploits can occur when cryptocurrencies — in this case wrapped ether (WETH) and ETHW — are treated as the same asset, even though they technically exist on completely separate blockchains.

Ethereum transitioned its PoW-powered consensus model to PoS with a hard fork last Thursday. This formally ditched crypto miners in favor of collateralized validators, who, rather than run power-hungry GPU miners, stake crypto in the network for the right to process transactions.

In a bid to continue mining, some Ethereum participants opted to support a PoW fork in ETHW, a network which when deployed mirrored every single Ethereum-bound asset, including ether, NFTs and smart contracts underpinning protocols such as Gnosis and OmniBridge.

BlockSec told Blockworks the attack was not a replay exploit “on the chain level” but rather one resulting from a contract vulnerability. This means neither Gnosis nor the Ethereum and ETHW networks were hacked. Instead, the OmniBridge smart contract on the proof-of-work fork mistakenly paid out funds.

First, the exploiter transferred 200 wrapped ether (WETH), currently worth $260,000, through the Ethereum blockchain’s OmniBridge protocol to the Gnosis network. 

The hack consisted of replaying the same transaction message on the Ethereum PoW fork to receive 200 ETHW from that network’s copy of the OmniBridge smart contract.

ETHW markets tanked about 40% after word of the exploit first broke — from $8 to $5. It’s unclear whether the attacker cashed out the 200 ETHW stolen in the attack but it’s now worth about $1,000.

The attack was possible due to the OmniBridge on the PoW chain still accepting transactions that reference the proof-of-stake Ethereum blockchain’s “chainID,” a variable that serves as a unique identifier for different blockchain networks. The PoW fork uses a different chainID to help separate actions between the two networks.

“As a result, the balance of the chain contract deployed on the PoW chain would be drained,” BlockSec wrote. Security researchers warned such attacks could occur on ETHW in the leadup to the fork.

Gnosis co-founder Martin Koppelmann later tweeted to say that both Gnosis and Ethereum were in “no way affected.” 

“We do not support the (ETHW) chain and do not see us responsible for what is happening on that chain,” Koppelmann said. He said the attacker had spun up false bridge activity to drain funds on ETHW.

A suggestion to deactivate the bridge’s links to ETHW, effectively closing this particular security loophole, will be put forth to the governance team overseeing OmniBridge, he said. BlockSec warned in a blog that similar incidents could occur elsewhere across the ETHW network.

ETHW Core, the stewards of ETHW,  confirmed Sunday the attack involved a bridge contract vulnerability and had notified OmniBridge “in every way” to inform them of the risks but had yet to receive a response.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


    Upcoming Events

    Salt Lake City, UT

    MON - TUES, OCT. 7 - 8, 2024

    Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

    Salt Lake City, UT

    WED - FRI, OCTOBER 9 - 11, 2024

    Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

    recent research

    Research Report Templates.png


    ZKPs enable efficient offchain transaction processing and validation, resulting in increased throughput and reduced fees. Solana's ZK Compression leverages ZKPs to minimize onchain storage costs, while Sui's zkLogin streamlines user onboarding by replacing complex key management with familiar OAuth credentials.


    The crypto asset manager lowered its planned fee from 0.25% to 0.15%, undercutting its competitors


    Plus, a look at planned ETH ETF fees and how they differ from their BTC counterparts


    North Korea suspected in breach of Indian exchange’s multisig wallet


    Plus, Sanctum’s CLOUD token has officially launched — but not without problems


    It’s not yet clear whether Donald Trump is pumping bitcoin. But an unofficial memecoin is still seeing benefit.