Omni, a non-fungible token (NFT) platform, was hacked by an attacker for 1,300 ether (ETH), or $1.43 million. The hacker exploited a reentrancy vulnerability in Omni's protocol.
The NFT money market platform allows users to openly stake their NFTs to gain tokens such as ETH.
Omni stated that although the hacker was able to tamper with more than 1,300 WETH ($1.4 million), the theft did not affect customers' funds. According to Omni, the hacker drained more than 1,300 WETH ($1.4 million), the ERC20 tradable version of ETH, but only its internal funds were affected, as the platform is still in beta test mode.
According to the NFT company, the protocol was suspended for an exhaustive investigation.
According to The Block, reentrancy is possible in projects that are coded with Solidity. It allows hackers to force smart contracts to call an untrusted entity.
On the nature of the hack, Yajin Zhou, CEO of blockchain security company BlockSec, told The Block that the hacker deposited NFTs from a collection called Doodles, which were used to borrow wrapped ETH (WETH). Wrapped tokens are tokenized versions of cryptocurrencies that are pegged to the value of the original coin.
After the liquidation and deposit of the position, all Doodles NFTs remaining from the original collateral are returned to the attacker.
Zhou stated that hackers are known to liquidate loan positions when the NFT collateral remaining before the callback function is invoked is not enough to cover the debt. This is why hackers often resort to reentrancy, as they can use borrowed WETH to purchase additional NFTs before liquidation.
Zhou also stated that the hacker used the Doodles NFT he had obtained with the original loan as collateral in order to borrow more WETH. Omni did not recognize the situation, so the hacker could withdraw NFTs and pay back the loan.
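The reentrancy pattern described above can be shown with a simplified model, added here as an illustration; it is not Omni's code and does not reproduce the actual transaction flow of the hack. The `Pool` class, the `NFT_VALUE` figure and the `simulate` scenario are constructed assumptions: a lending pool hands NFTs back through a receiver callback, once before updating its books and once after, with a reentrancy lock.

```python
class Reentered(Exception):
    """A guarded function was entered during an external callback."""

class Pool:
    NFT_VALUE = 10  # constructed: WETH borrowable per NFT of collateral
    def __init__(self, hardened):
        self.hardened, self.locked = hardened, False
        self.collateral, self.debt = {}, {}   # per-user NFT count / WETH owed

    def _guard(self):
        if self.hardened and self.locked:
            raise Reentered("state-changing call during external callback")

    def deposit(self, user, nfts):
        self._guard()
        self.collateral[user] = self.collateral.get(user, 0) + nfts

    def borrow(self, user, weth):
        self._guard()
        if self.debt.get(user, 0) + weth > self.collateral.get(user, 0) * self.NFT_VALUE:
            raise ValueError("insufficient collateral")
        self.debt[user] = self.debt.get(user, 0) + weth

    def withdraw(self, user, nfts, on_received):
        self._guard()
        remaining = self.collateral.get(user, 0) - nfts
        if remaining < 0 or self.debt.get(user, 0) > remaining * self.NFT_VALUE:
            raise ValueError("withdrawal would leave debt uncovered")
        if not self.hardened:
            on_received(self)                  # untrusted code runs on stale books
            self.collateral[user] = remaining  # effect applied too late
            return
        self.collateral[user] = remaining      # effects first
        self.locked = True
        try:
            on_received(self)                  # interaction last, under the lock
        finally:
            self.locked = False
    def bad_debt(self, user):
        covered = self.collateral.get(user, 0) * self.NFT_VALUE
        return max(0, self.debt.get(user, 0) - covered)

def simulate(hardened):
    """Withdraw all collateral with a receiver callback that calls borrow()."""
    pool = Pool(hardened)
    pool.deposit("borrower", 3)
    try:
        pool.withdraw("borrower", 3, lambda p: p.borrow("borrower", 30))
    except Reentered:   # on-chain, the whole transaction would revert here
        return "reverted", pool.bad_debt("borrower")
    return "completed", pool.bad_debt("borrower")
```

In the unguarded pool the withdrawal completes and leaves 30 WETH of debt with no collateral behind it; in the hardened pool the nested `borrow` call is rejected and no bad debt is created.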
According to The Block, data from Etherscan indicates that the attacker has already laundered the funds via Tornado Cash, a coin-mixing service for private transactions on Ethereum.