ETHPoW (ETW), a proof-of-work blockchain contentiously forked out of Ethereum’s Merge update, has surged by more than 60% three days after bottoming out locally at $3.82. The massive recovery appeared despite ETHPoW’s network suffering a replay attack.
The exploit enabled its attacker to steal about 200 ETHW, approximately $1,600. It involved duplicating transactions on both ETHPoW and Ethereum chains, meaning the attacker was able to swindle smart contracts to release tokens from one chain, despite executing the transaction on the other chain.
Notable comments about the ETHPoW exploitation
The CTO of Bitfinex, Paolo Ardoino, confirmed the attack and the contributions of prominent stakeholders in tackling the situation. In his words, the CTO said:
“In any case, this latest attack clearly demonstrates, as it has time and time again, that hackers are constantly on the lookout for these vulnerabilities and are an ever-present danger to our industry.”
BlockSec, an independent security firm, disclosed the causes of the exploit.
It noted that a contract was using inaccurate data on the ETHPoW Chain ID, giving room for vulnerability. Findings indicate that a Chain ID is a group of numbers utilized by MetaMask to approve transactions for the network.
However, a wrong Chain ID usually causes transactions to become unsuccessful because users are connected to the wrong network. Therefore, rendering the network useless.
The security firm alerted that the situation might drain the balance of the chain contract deployed on the ETHPoW.
Additionally, the developers of ETHPoW reacted to the issue via a post on Sunday. The developers submitted that the ETHPoW is safe, and the hacker didn’t exploit it. Instead, they divulged that the attacker exploited the contract weakness of the bridge.
Further, the developers said they’d reported the risks to the Bridge, stating the need to amend the initial ChainID of the cross-chain messages.
