Ethereum PoW Fork Suffers its First Smart Contract Hack

ETHPoW (ETHW), the fledgling proof-of-work (PoW) Ethereum fork, has seen its first significant smart contract hack since the network split late last week.

Blockchain security infrastructure firm BlockSec first alerted users of a so-called ‘replay attack’ on Sunday, which leveraged legitimate transactions on the proof-of-stake (PoS) Ethereum blockchain alongside DeFi application Gnosis and multi-token extension OmniBridge.

Replay attacks and exploits can occur when cryptocurrencies — in this case wrapped ether (WETH) and ETHW — are treated as the same asset, even though they technically exist on completely separate blockchains.

Ethereum transitioned its PoW-powered consensus model to PoS with a hard fork last Thursday. This formally ditched crypto miners in favor of collateralized validators, who, rather than run power-hungry GPU miners, stake crypto in the network for the right to process transactions.

In a bid to continue mining, some Ethereum participants opted to support a PoW fork in ETHW, a network which when deployed mirrored every single Ethereum-bound asset, including ether, NFTs and smart contracts underpinning protocols such as Gnosis and OmniBridge.

BlockSec told Blockworks the attack was not a replay exploit “on the chain level” but rather one resulting from a contract vulnerability. This means neither Gnosis nor the Ethereum and ETHW networks were hacked. Instead, the OmniBridge smart contract on the proof-of-work fork mistakenly paid out funds.

First, the exploiter transferred 200 wrapped ether (WETH), currently worth $260,000, through the Ethereum blockchain’s OmniBridge protocol to the Gnosis network. 

The hack consisted of replaying the same transaction message on the Ethereum PoW fork to receive 200 ETHW from that network’s copy of the OmniBridge smart contract.

ETHW markets tanked about 40% after word of the exploit first broke — from $8 to $5. It’s unclear whether the attacker cashed out the 200 ETHW stolen in the attack but it’s now worth about $1,000.

The attack was possible due to the OmniBridge on the PoW chain still accepting transactions that reference the proof-of-stake Ethereum blockchain’s “chainID,” a variable that serves as a unique identifier for different blockchain networks. The PoW fork uses a different chainID to help separate actions between the two networks.

“As a result, the balance of the chain contract deployed on the PoW chain would be drained,” BlockSec wrote. Security researchers warned such attacks could occur on ETHW in the leadup to the fork.

Gnosis co-founder Martin Koppelmann later tweeted to say that both Gnosis and Ethereum were in “no way affected.” 

“We do not support the (ETHW) chain and do not see us responsible for what is happening on that chain,” Koppelmann said. He said the attacker had spun up false bridge activity to drain funds on ETHW.

A suggestion to deactivate the bridge’s links to ETHW, effectively closing this particular security loophole, will be put forth to the governance team overseeing OmniBridge, he said. BlockSec warned in a blog that similar incidents could occur elsewhere across the ETHW network.

ETHW Core, the stewards of ETHW,  confirmed Sunday the attack involved a bridge contract vulnerability and had notified OmniBridge “in every way” to inform them of the risks but had yet to receive a response.

---

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.