Connect with us

Business

NFT Platform OMNI Hit By Re-Entrancy Exploit, Lost $1.4M in ETH

Business

ApeCoin DAO gives thumbs up to .APE top-level domains

Business

Trezor X account shills fake presale tokens in suspected hack

Business

Saudi Arabia plans $40B AI investment fund overseen by a16z: Report

Business

USDM stablecoin eyes retail rollout next month: Mehen founder

Business

Novogratz’s Galaxy reaches $10B AUM amid surge of investor interest in crypto

Business

Crypto custody firm Bakkt faces delisting if shares stay under $1

Business

Dutch central bank reveals it fined Crypto.com for registration violations

Business

Coinbase shares dip after-hours as exchange plans $1B convertible notes offer

Business

UK treasury seeks to improve AML through crypto supervision changes

Business

NFT Platform OMNI Hit By Re-Entrancy Exploit, Lost $1.4M in ETH

Published

2 años ago

on

Source: CryptoPotato / Jordan Lyanchev

The platform reassured that no customer funds’ were stolen and has suspended all of its services for now.

OMNI – an NFT finance platform that lends out cryptocurrency in exchange for staked NFTs – fell victim to a re-entrancy exploit that led to the loss of nearly 1,300 ETH, worth $1.4 million at the time.

Bad Debts Due to Bad Code

The project in question lost the funds following a bad faith staking of NFTs from the Doodle collection. In order to carry out the attack, the perpetrator first deposited Doodles as collateral for a loan of wrapped ETH (wETH). Once the loan was secured, the exploiter was able to withdraw all Doodles except for one, causing a callback function that voided the debt acquired by purchasing wETH.

Once these two steps were completed, the Doodle remaining on the platform was no longer enough to cover the debt incurred. The position was then liquidated by the system, returning the last of the Doodles to the attacker as well.

No Chance for a White Hat Appeal

In the wake of recent attacks on DeFi, recently exploited devs have often made open appeals to those behind the hack, offering to consider them as a white-hat event in return for most or all of the stolen funds.

In some cases, this has worked out nicely – the Optimism exploiter, for instance, returned most of the funds after asking for Vitalik Buterin’s advice. The devs at Harmony recently tried the same approach but were summarily ignored as the laundering of the stolen tokens commenced.

In this case, the appeal never had a chance to be made, as the attacker immediately sent his newly appropriated wETH to Tornado, a mixing service that obfuscates the origin of funds. Due to this capability, it is often used by cybercriminals attempting to launder ill-begotten gains.

OMNI Protocol Suspended

The OMNI protocol – still in beta – has been shut down by the devs in charge, pending audits and security patches. Furthermore, OMNI devs confirmed that no customer funds were affected by the exploit, indicating that the misappropriated wETH were “internal testing funds.”

“OMNI is still in testing (beta). No customer funds were lost, only internal testing funds were affected! We have suspended the OMNI protocol until we completed the investigation and have everything reviewed again by external security and auditing firms.”

Unfortunately for the devs and fans of the project, it looks like OMNI will have to remain in beta for a while longer than previously planned.

Related Topics:
Continue Reading
Click to comment

Leave a Reply

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *