1,300 ETH Stolen from NFT Lending Platform OMNI in Re-entrancy Exploit

1,300 ETH Stolen from NFT Lending Platform OMNI in Re-entrancy Exploit

OMNI, an NFT finance protocol that lends crypto to users in exchange for staked NFTs, has suffered a breach leading to the theft of 1,300 ETH ($1.43 million USD) as the hacker exploited the firm’s re-entrancy vulnerability protocol.

OMNI Suffers 1,300 ETH Exploit

On Sunday, June 10th, blockchain security company PeckShield reported that OMNI had suffered a re-entrancy exploit, through which a hacker had stolen more than 1,300 wETH ($1.4 million USD). 

According to a postmortem conducted by BlockSec, the hacker deposited NFTs from the ‘Doodles‘ collection in order to borrow wrapped ETH (wETH). The hacker then used the Doodles NFT acquired with the initial loan as collateral to borrow more wETH. 

However, OMNI failed to identify this as a new position, and thus allowed the hacker to withdraw the NFTs without paying back the loan.

No User Funds Were Stolen 

According to OMNI, the protocol is still in its beta phase, and the stolen Ether was from internal testing funds. OMNI has since suspended its services, but confirmed that no customer funds were lost in the exploit.

On the Flipside

  • On-chain data from Etherscan shows that the attacker has already laundered the funds using the infamous ‘Tornado Cash’ Ethereum mixing service for private transactions.

Why You Should Care

The high levels of activity in the NFT space have made it a prime target for hackers, who seek to exploit the vulnerabilities in NFT protocols.

Back to Top
Close Zoom
Don't push your luck