A hacker took advantage of a vulnerability in OmniBridge protocol. Hacked and withdrew funds from it in new Ethereum PoW network tokens
The first hack of a smart contract in the new Ethereum PoW network brought a scammer 200 ETHW (about $1,000). Theft of funds was possible because OmniBridge protocol (a bridge to transfer funds between different blockchains) in PoW network. He received a second message about transaction already made in Ethereum network. This was reported on Twitter by BlockSec, a cybersecurity company.
On morning of September 15, The Merge update took place on Ethereum’s main network. It switched altcoin from Proof-of-Work protocol to Proof-of-Stake (PoS). The token of the old version of this network received symbol ETHW.
On September 18, a scammer transferred 200 WETH via the OmniBridge protocol of Ethereum blockchain to Gnosis network. And then he repeated the same transaction message on the new PoW blockchain. To get 200 ETHW from a copy of the OmniBridge smart contract on this network.
Our experts explained that this attack was made possible by a vulnerability in the OmniBridge smart contract. It uses an incorrect unique blockchain identifier. The OmniBridge smart contract mixed up the networks and mistakenly paid a scammer.
The Ethereum PoW network itself was not hacked. The stolen funds belonged to the OmniBridge protocol. However, our experts warn a crypto community. That similar attacks using PoW blockchain and ETHW tokens can happen to other interconnect bridges.
ETHW rate has been falling on centralized exchanges since the start of hardfork. But its price in the old version of the network rose on Friday September 16 to 16,400 USDT on decentralized exchanges.