After the Ethereum blockchain’s move to “proof-of-stake” last week, hackers are starting to exploit the flaws related to the transition.
While everything went according to plan in the early days, Ethereum’s transition through The Merge has not been entirely smooth. Now that ether has dropped below $1,400, the hacks have begun. Hackers have found a loophole by exploiting the ambiguity of the transition process, which consists in moving ether towards a new market logic, reports an article in the Corner newspaper.
A problem on a bridge between 2 blockchains
Refusing to move to “proof of stake” (PoS), some miners decided to launch a hard fork called EthereumPoW (with its ETHW token) to keep the old blockchain protocol running as “proof of work” (PoW). However, thanks to the gateways this creates, the hackers were able to duplicate their transactions on both environments at the same time: the new and the old. BlockSec, a company specializing in blockchain security, raised the alert about the attack on Sunday, identifying an error in the smart contract of the “Omni Bridge” that connects the two blockchains.
“The exploiter (0x82fae) first transferred 200 WETH (so-called “wrapped” ETH, which are tokens that can be exchanged for ether, ed.) via the Omni Bridge of the Gnosis chain, then reproduced the same message on the PoW chain and got another 200 ETHW,” tweeted BlockSec. “The attack occurred because the bridge was unable to properly check the ChainId, the chain ID of the cross-chain message.”
Recall that each blockchain that uses code similar to Ethereum’s has its own identifier, called ChainId. Concretely, the heart of the problem is that the protocol did not check the ChainId correctly during certain requests. The attacker thus exploited a vulnerability in the bridge, not in the EthereumPoW blockchain itself, its developers explained. “ETHW itself has applied the EIP-155 standard and there is no replication attack from ETHPoS and ETHPoS, which ETHW Core’s security engineers have planned ahead,” the ETHW Core developers wrote in a Medium post.
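The following is an added example, not taken from the article or from the bridge’s own code, that models the failure described above: a signed cross-chain message is accepted on both sides of a fork unless the receiving contract compares the message’s chain ID with the ID the chain itself reports. Assumptions: HMAC stands in for the bridge validators’ signatures, the chain IDs, key and message fields are constructed, and the weak variant is modelled as comparing against a value kept in contract storage, which a fork copies unchanged.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

VALIDATOR_KEY = b"constructed-demo-key"  # stand-in for the validators' signing key


@dataclass(frozen=True)
class BridgeMessage:
    message_id: int
    dest_chain_id: int  # chain the message is meant to be executed on
    recipient: str
    amount: int

    def encode(self) -> bytes:
        return f"{self.message_id}|{self.dest_chain_id}|{self.recipient}|{self.amount}".encode()


def sign(msg: BridgeMessage) -> bytes:
    # HMAC-SHA256 stands in for validator signatures over the encoded message.
    return hmac.new(VALIDATOR_KEY, msg.encode(), hashlib.sha256).digest()


@dataclass
class BridgeContract:
    runtime_chain_id: int  # what the chain itself reports; a fork with EIP-155 changes it
    stored_chain_id: int   # value held in contract storage; a fork copies it unchanged
    check_runtime: bool    # True = hardened check, False = weak check
    executed: set = field(default_factory=set)
    released: dict = field(default_factory=dict)

    def execute(self, msg: BridgeMessage, sig: bytes) -> bool:
        if not hmac.compare_digest(sig, sign(msg)):
            return False  # not signed by the validators
        if msg.message_id in self.executed:
            return False  # same-chain replay: already processed here
        expected = self.runtime_chain_id if self.check_runtime else self.stored_chain_id
        if msg.dest_chain_id != expected:
            return False  # message was addressed to a different chain
        self.executed.add(msg.message_id)
        self.released[msg.recipient] = self.released.get(msg.recipient, 0) + msg.amount
        return True


def replay_across_fork(check_runtime: bool) -> tuple:
    # Constructed scenario: the fork copies contract storage, so stored_chain_id is 1 on both.
    pos = BridgeContract(runtime_chain_id=1, stored_chain_id=1, check_runtime=check_runtime)
    pow_fork = BridgeContract(runtime_chain_id=10001, stored_chain_id=1, check_runtime=check_runtime)
    msg = BridgeMessage(message_id=7, dest_chain_id=1, recipient="0xrecipient", amount=200)
    sig = sign(msg)
    return pos.execute(msg, sig), pow_fork.execute(msg, sig)
```

With the weak check the same signed message releases funds on both chains; with the runtime comparison the forked chain rejects it, while the per-chain `executed` set only ever stops replays on the same chain.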
“The loot of the operation is not substantial in itself, the analysis of the attacker’s transactions shows that he returned 741 ETHW to the MEXC exchange platform. This brings the amount, at the time of the facts, to a value of 8 to 10,000 dollars at most,” notes the specialized media outlet Cryptoast for its part.
Many observers note that the new “proof of stake” protocol on which Ethereum is based is less secure and creates more vulnerabilities than the old “proof of work” system, and that the situation will become more complicated in the coming weeks, because this hard fork between the old and the new blockchain is not the only one. Others already exist, such as Ethereum Classic and Ethereum Fair, and more are still to come.
“As highlighted by BlockSec, this flaw is likely present on other DeFi protocols, which do not perform ChainId verification correctly,” the article points out.
This first hack therefore multiplies the potential problems to come and also weighs on the value of ether: within a week the price of the cryptocurrency has dropped by 20%. It fell below the $1,400 mark on Monday and still remains below it despite a 4% rebound since Monday.