An unknown actor stole assets worth more than 1,300 ETH (about $1.48 million) from the Omni lending protocol using a reentrancy attack.
It seems a reentrancy-related hack. @ParallelFi @OMNI_xyz The stolen funds were just mixed via @TornadoCash https://t.co/Nyunlkk3rr pic.twitter.com/XxxVyX80Fq
— PeckShield Inc. (@peckshield) July 10, 2022
The platform allows users to borrow funds against NFT collateral. The hacker used tokens from the Doodles collection for the attack.
The loan secured in cryptocurrency was used by the attacker to purchase more NFTs. He then withdrew the NFTs, without returning the borrowed funds, exploiting the vulnerability.
The stolen assets were sent to the Tornado Cash mixing service.
The Omni team said that the protocol is still in beta, so users’ funds were not affected by the incident.
Statement:
1/ OMNI is still in a testing (beta). No customer funds were lost, only internal testing funds were affected!
We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.
— OMNI (@OMNI_xyz) July 10, 2022
«We have suspended the OMNI protocol until we complete the investigation and recheck everything with the help of external security and auditing firms», the developers said.
In the first half of 2022, hackers targeting the crypto industry stole $1.97 billion in attacks on 175 projects.
Read ForkLog’s Bitcoin news on our Telegram — news on cryptocurrencies, prices and analysis.