EthereumPoW Exploit – Rocky Start

Yesterday, in a blatantly authoritarian grab of power, the SEC filed a lawsuit which claimed the United States has jurisdiction over Ethereum nodes – while totally missing the point of what Ethereum nodes are designed for (i.e., decentralization). 

The lawsuit was filed against crypto researcher and YouTuber Ian Balina, claiming that he violated U.S. securities laws by promoting and reselling an unregistered ICO of Sparkster (SPRK) tokens in 2018. 

Notably, the SEC claimed jurisdiction on the matter by claiming that the transactions flowed from the U.S. as a result of being validated by nodes that were “clustered more densely” in the US. 

The filing read: 

“The U.S.-based investors in Balina’s pool irrevocably committed to the transaction when, from within the United States, they sent their ETH contributions to Balina’s pool. At that point, their ETH contributions were validated by a network of nodes on the Ethereum blockchain, which are clustered more densely in the United States than in any other country.” 

The SEC argued that as a result of the ETH nodes being “clustered more densely” in the US, “those transactions took place in the United States.” 

At this stage, it is unclear whether this claim will hold up in court or whether there is any legal precedent at stake. However, currently, 42.56% of the 7807 Ethereum nodes – less than half – are located in the U.S. according to Ethernodes. 

Aaron Lane, an Australian lawyer and senior research fellow at the RMIT Blockchain Innovation Hub speaking to Cointelegraph said the distribution of Ethereum nodes is largely irrelevant to the case at hand, explaining: 

“The fact that we’ve got a U.S. based plaintiff, a U.S. based defendant, and transactions flowing from the U.S. is what is most relevant here. It doesn’t matter whether the payment was done on Ethereum, Mastercard or any payment network for that matter.” 

Lane said that while the SEC’s claim was an interesting one, he added that even if Balina’s lawyers don’t contest the issue of jurisdiction, it’s not going to have any impact on future cases for now: 

“The defense may concede jurisdiction here, and if they do it won’t be an issue, and if it’s not a contested issue then the court won’t say anything about it. Any concern about legal precedent at this stage is premature.” 

The SEC has been previously criticized for its regulatory approach toward crypto, which has been labeled by some as “regulation by enforcement.” 

SEC Chair Gary Gensler recently hinted that Ether-based staking could also trigger U.S. securities laws shortly after Ethereum transitioned to Proof-of-Stake on September 15th. 

Responding to the lawsuit, Balina said in a 19-part twitter thread that the charges were “baseless” and that he “turned down settlement so they [SEC] have to prove themselves.” 

Balina did not comment on the SEC’s claim that the U.S. should be afforded jurisdiction for Ethereum-based transactions because of the heavy distribution of nodes situated in the U.S. 

Balina’s charges come as Sparkster and its CEO, Sajjad Daya, recently settled its case with the SEC on Sept. 19, agreeing to pay back $35 million to “harmed investors” after its initial coin offering (ICO) in 2018.

Ethereum PoW Sees Exploit Where Attackers Stole 200 ETHW – Days After Rocky Start

The EthereumPoW blockchain just forked from Ethereum last week after The Merge – but hasn’t gotten off to a great start so far. 

The new blockchain reportedly suffered a replay attack over the weekend and has resulted in the attacker getting an extra 200 ETHW tokens. 

EthereumPoW’s developers have taken urgent action to fix the problem after discovering it. The attack was reportedly due to a faulty contract on the Omni bridge and did not impact the blockchain itself. 


Cybersecurity firm BlockSec stated: 

”The exploiter (0x82fae) first transferred 200 WETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW.” 

The attack happened because the bridge didn’t correctly verify the chain ID of the cross-chain message, claimed BlockSec. 

The ETHPoW blockchain developer team reassured in a Medium post that the blockchain itself is not compromised: 

“ETHW itself has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoW, which ETHW Core’s security engineers have planned in advance,” 

The ETHPoW fork on the Proof-of-Work Ethereum blockchain went live last week after The MErge. The token has fallen over 35% following the news of the exploit Sunday morning, according to data from TradingView.

Ethereum Name Service Wins Injunction Against GoDaddy, Regaining Control Over ‘Eth.link’ Domain Name

True Names Ltd., the parent company of the Ethereum Name Service (ENS), has successfully obtained a preliminary injunction against web domain registrar GoDaddy in the case involving ‘eth.link’ domain name. The injunction order has reportedly restored ENS’s control over the ‘eth.link’ domain. 

The court ruling reads: 

“To the extent ownership interest in the Domain has been sold or transferred away from Plaintiffs as the registrants, Defendants shall immediately transfer ownership in the Domain back to Plaintiffs.” 

The company behind the Web3 domain service and Virgil Griffith sued GoDaddy earlier this month, alleging the domain registration platform falsely announced eth.link had expired, and then sold it to a third party. 

Eth.link functioned as a critical bridge for Ethereum Name Service, that allowed users without Web3-enabled internet browsers to access the ‘.eth’ addresses it offered. ENS had around two million domain name registrations as of August 17th. 

True Names Ltd, the company that created ENS, sued GoDaddy in early September, alleging the domain registration platform had incorrectly told eth.link users that the address registration had expired and that GoDaddy had later sold the rights to the domain to a Web3 startup before it was supposed to be available for repurchase. 

“We are pleased with the court’s decision and are happy users can now resume using eth.link without disruption,” said Nick Johnson, founder of ENS. 

ENS Domains announced on Twitter late Sunday that eth.liunk was back online and that users are welcome to resume using the service. 

The complaint was filed against GoDaddy in the U.S. District Court for the District of Arizona. 

The complaint also said the domain was sold to Web3 startup Manifold Finance on September 3, two days before it was supposed to go on sale again. Complicating matters further, the person with the power to renew the registration for eth.link, Virgil Griffith, is serving a five-year prison sentence for speaking about sanctions evasions using crypto at a conference in North Korea. 

With the filing, plaintiffs True Names and Griffith sought damages worth at least $75,000 excluding legal costs, and a temporary restyraining order against GoDaddy. 

The website eth.link is back online as of Monday, and according to GoDaddy records, the addre4ss is now registered with another domain registrar Dynadot LLC, which is set to expire in 2023.

Luke Baldwin