Due to a malfunctioning third-party contract, Ethereum PoW, the version of the Ethereum blockchain that is still running on a proof-of-work (PoW) consensus mechanism, was vulnerable to a replay attack over the course of the weekend.
On Sunday, blockchain security infrastructure company BlockSec notified users of a so-called “replay exploit” that abused legitimate transactions on the proof-of-stake (PoS) Ethereum blockchain, the DeFi application Gnosis, and the multi-token extension OmniBridge.
The term “replay exploit” refers to a situation in which the exact same transaction is repeated on both chains when that is not meant to happen.
The ETHW blockchain was created as a fork of the Ethereum network, which transitioned to a proof-of-stake (PoS) consensus method on Thursday during an event known as the Merge. The proof-of-stake network is the one currently known as Ethereum.
According to BlockSec, the primary reason for the attack was that the Omni cross-chain bridge on the ETHW chain used an outdated chainID and did not properly validate the correct chainID of the cross-chain message. This was the vulnerability that allowed the exploit to take place.
The team indicated that this was not the correct chainID as obtained using the CHAINID opcode, a problem that was compounded by the split that occurred after the Ethereum Merge. This opcode was suggested by EIP-1344 and was implemented after the Ethereum Merge.
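The root cause BlockSec describes can be modelled in a few lines; this is an added illustration, not code from OmniBridge or BlockSec. It shows why a bridge that compares a message against a chainID kept in storage accepts the same signed message on a fork, while one that compares against the live CHAINID value rejects it. The class and function names, the HMAC stand-in for validator signatures and the two chain id constants are assumptions made for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

VALIDATOR_KEY = b"constructed-demo-key"  # stand-in for the bridge validators' key
ORIGINAL_CHAIN_ID = 1                    # sample value: chain the bridge was deployed on
FORK_CHAIN_ID = 10001                    # sample value: id the forked chain reports


@dataclass(frozen=True)
class Message:
    chain_id: int   # destination chain the validators signed for
    nonce: int
    recipient: str
    amount: int

    def digest(self) -> bytes:
        return f"{self.chain_id}|{self.nonce}|{self.recipient}|{self.amount}".encode()


def sign(msg: Message) -> bytes:
    return hmac.new(VALIDATOR_KEY, msg.digest(), hashlib.sha256).digest()


@dataclass
class Bridge:
    live_chain_id: int     # what the CHAINID opcode would return on this chain
    stored_chain_id: int   # value written to contract storage at deployment
    check_live_id: bool    # False = outdated stored id, True = corrected check
    executed: set = field(default_factory=set)

    def execute(self, msg: Message, sig: bytes) -> bool:
        expected = self.live_chain_id if self.check_live_id else self.stored_chain_id
        if msg.chain_id != expected or msg.nonce in self.executed:
            return False
        if not hmac.compare_digest(sig, sign(msg)):
            return False
        self.executed.add(msg.nonce)
        return True


def replay_on_fork(check_live_id: bool) -> tuple[bool, bool]:
    """Submit one signed message on the original chain, then on its fork."""
    msg = Message(ORIGINAL_CHAIN_ID, nonce=7, recipient="0xRecipient", amount=200)
    sig = sign(msg)
    original = Bridge(ORIGINAL_CHAIN_ID, ORIGINAL_CHAIN_ID, check_live_id)
    # The fork inherits contract storage (the stored id) but reports a new live id.
    fork = Bridge(FORK_CHAIN_ID, ORIGINAL_CHAIN_ID, check_live_id)
    return original.execute(msg, sig), fork.execute(msg, sig)
```

With `check_live_id=False` both chains accept the message; with `check_live_id=True` only the original chain does, because the fork's live id no longer matches the id the validators signed.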
According to statistics provided by CoinGecko, the value of ETHW tokens has dropped significantly in the last 24 hours, after the discovery of the exploit, falling by over 31% and increasing weekly losses to more than 80%.