ETHW Replay Exploit Caused by Omni Contract Vulnerability

  • Over the weekend the Ethereum PoW network fell victim to a replay exploit, with the attacker executing the same transaction on two chains at the same time.
  • The exploit was caused by a contract vulnerability in the Omni cross-chain bridge, and did not affect the ETHW network itself.


The Ethereum Proof-of-Work (ETHW) network was the target of a cross-chain contract exploit only a day after the Merge was finalized, security company BlockSec said in a blog post on 18 September.

According to the company, the ETHW network — which was created as a fork of the Ethereum blockchain when it transitioned to a Proof-of-Stake (PoS) consensus mechanism — was the victim of a replay attack on 16 September. The exploiter was able to steal 200 ETHW tokens by replaying the call data from Ethereum’s PoS chain on the forked ETHW network. A replay exploit refers to when the same transaction is being executed on two chains when they are not supposed to.

After being notified about the exploit, the ETHW team quickly figured out that the attacker used the Omni cross-chain bridge on the Gnosis network to transfer 200 wETH tokens, and then replayed the same message on the PoW network, netting him an extra 200 ETHW tokens. The root cause of the problem came from Omni using an old chainID, and not correctly verifying the cross-chain message.

The team behind ETHW said they had reached out to the Omni bridge in “every way”, notifying them about the exploit. The PoW network was created after the Merge — which transitioned Ethereum from PoW to PoS — when a group of miners decided to continue the PoW network through a hard fork. The blockchain’s native token, ETHW, has fallen in price by more than 30% following the news of the exploit.

Related Coverage
MetaMask Launches Bridge Aggregator Feature
  • MetaMask Bridges was designed to aggregate multiple blockchain bridges in one place, making it easier and more secure for users to transfer their assets from one network to another.
  • The new feature currently supports the Ethereum, Avalanche, BNB Chain, and Polygon blockchains, as well as the Connext, Hop, Celer cBridge, and Polygon Bridge.
November 9, 2022, 5:11 PM
Hand holding mobile phone with MetaMask app running and MetaMask logo in background


The Merge is Finalized, Ethereum Switches to Proof-of-Stake
  • Ethereum’s PoS upgrade, also known as the Merge, was executed at 06:44 AM UTC on 15 September, combining the existing blockchain with the parallel Beacon Chain.
  • The move has reduced Ethereum’s energy consumption by more than 99%, which is equal to 0.2% of the global electricity consumption.
Coinbase Launches Wrapped Staked ETH Token
  • Called Coinbase Wrapped Staked ETH (cbETH), the new token will allow Coinbase customers to use their staked ETH while still earning rewards on the exchange.
  • cbETH will not track the price of ETH as it represents the stacked token plus all of its accumulated staking interest, which will cause a “divergence” in the price of the two assets.