NFT money market OMNI suffered a “reentrancy” attack in the beta version of its protocol. The attacker stole 1,300 Ethereum from internal test funds. Here are the details…
NFT protocol suffered hack attack: Ethereum stolen
NFT protocol OMNI suffered an attack. But only internal test funds were stolen. No user’s funds were affected. The incident occurred on July 10. OMNI was quick to point out that the protocol is still in beta and only internal testing funds are affected. The team suspended protocol. Then, he began to investigate the cause of the attack. PeckShield later said it looked like a re-login hack. Blockchain security company BlockSec also said that NFT was deposited on the platform from the Doodles collection in the attack. wETHs were used as collateral in this transaction.
Crypto security firm BlockSec later detailed the attack, saying that the attack on the protocol was “due to the old-fashioned re-entry of onERC721Received.” It also later highlighted the vulnerabilities in smart contracts, showing that the attacker used NFT to borrow ETH. Borrowed ETH turned into bad debt with no payment required.
The team has yet to provide a comprehensive autopsy on the attack, which usually follows an attack. They’re just lucky that their internal testing funds were stolen. The DeFi and NFT space has been subject to various attacks where bad actors have smuggled hundreds of millions of dollars. OMNI is an NFT financialization protocol, an NFT money market that provides lending and borrowing services. Users can lend NFTs and other ERC-20 tokens to earn interest. Assets can also be used as collateral to borrow assets.
Attacks continue to plague the NFT domain
While the NFT space has slowed in terms of sales, it remains one of the most active sectors in the crypto market. This has made it a prime target for hackers trying to find exploits where they can and get rid of funds. Few such incidents have occurred this year alone. As we reported as Kriptokoin.com, an NFT loan pool XCarnival lost about $4 million in a hack. However, the hacker accepted the 1,500 ETH reward. Bored Ape Yacht Club has also suffered multiple attacks, including phishing attempts targeting Discord and other social media platforms.
The most notable hack in this area was Ronin Bridge, which stole over $600 million. Analysts believe North Korean hackers are behind the incident. But with the recent market crash, North Korea has seen the value of stolen crypto plummet to a much smaller amount.