- NFT protocol OMNI experienced a hack where 1,300 ETH in internal testing funds were stolen.
- The attacker used Doodle NFTs as collateral to borrow wrapped ETH.
- The company has assured that no customer money was stolen and that it is halting all of its operations for the time being.
OMNI quickly pointed out that the protocol was still in beta and was only affected by the internal testing fund. The team has suspended the protocol and is currently investigating the cause of the attack. PeckShield later said that the attack “seems a reentrancy-related hack.”
Following a bad faith staking of NFTs by the Doodle collection, the project in question was unable to recover its investment. The attacker deposited Doodles as collateral for a loan of wrapped ETH (wETH) to perform the assault. The exploiter was then able to take all Doodles except for one, allowing him to execute the callback function that voided the debt he incurred by purchasing wETH.
BlockSec, a cryptography security firm, subsequently detailed the breach, explaining that the protocol was “hacked due to old-fashioned reentrancy of onERC721Received.It also demonstrated smart contract flaws, revealing that the attacker was using NFTs to borrow ETH. The borrowed ETH was transformed into a non-performing debt that did not have to be reimbursed.
The incident is still under investigation, and there has yet to be a report or any specifics released by OMNI. The NFT protocol OMNI is a money market that provides lending and borrowing services to users. OMNI users can lend ERC-20 tokens and NFTs, and use NFTs as collateral to borrow crypto.