Shortly after the launch of the Ethereum Merge, ETHPoW, the proof-of-work blockchain forked from the Ethereum proof-of-stake network, went live. However, the proof-of-work fork has been attacked through an exploit that resulted in an extra 200 ETHW tokens being stolen.
The attack, reported on Sunday, happened through the Omni Bridge on the Gnosis chain. Blockchain security company BlockSec reported the attack and released a statement through Medium:
“On September 16th, 2022, we detected that some attackers successfully harvested lots of ETHW by replaying the message (i.e., the calldata) of the PoS chain on EthereumPoW (aka the PoW chain). By doing so, the balance of the chain contract deployed on the PoW chain could be drained.”
This attack came off of an already rough start for the forked token. Within the first 24 hours, ETHW lost three-quarters of its value, and many users reported that they could not access the network using the information provided by the ETHPoW team. Also, miners earn a tenth of what they were when mining proof-of-work Ethereum.
The fork seemed to be in bad shape even prior to launching. The ETHPoW team was criticized for delaying its launch until hours after the Merge, which many attributed to poor organization and a lack of tooling.
Igor Artamonov, a former Ethereum Classic developer, highlighted the project’s failure to prepare a block explorer, wallet, and public Remote Procedure Call software well before launching.
BlockSec detailed that “the root cause of the exploitation is that the Omni bridge on the PoW chain uses the old chainId and doesn’t correctly verify the actual chainId of the cross-chain message,” stating that similar issues could exist in other protocols.
However, the news resulted in a heavy hit on the proof-of-work token, with its price plummeting around 37%. The token hit an all-time low of $4.22 on Monday but is currently sitting around $6.15 at the time of writing this (According to CoinMarketCap).