Non-fungible token (NFT) platform, Omni was hacked for 1,300 ether (ETH) ($1.43 million) as the hacker exploited the firm’s reentrancy vulnerability protocol, according to PeckShield.
The NFT money market platform allows users to stake their NFTs on the platform, normally open staking for popular collections like Bored Ape Yacht Club, to receive tokens like ETH.
Although the hacker was able to drain out more than 1,300 wETH ($1.4 million), the ERC20 tradable version of ETH, Omni stated that the theft did not affect customers’ funds. The company added that only internal testing funds were impacted as the platform is still in beta testing mode.
The protocol has been suspended for a complete investigation, according to the NFT company.
According to The Block, projects coded with Solidity are vulnerable to reentrancy. It allows hackers to force their smart contract to make an external call to an untrusted contract.
For this nature of the hack, Yajin Zhou – CEO of blockchain security company BlockSec – told The Block that the hacker deposited NFTs from a collection called Doodles, which were used to borrow wrapped ETH (WETH), tokenized versions of cryptocurrencies that are pegged to the value of the original coin.
Following the deposit and liquidation of the position, the remaining Doodle NFT from the original collateral is returned back to the attacker.
Zhou added that hackers often liquidate the loan position as the value of the NFT left as collateral before the callback function was invoked isn’t sufficient to cover the debt position. To tackle this, hackers typically rely on reentrancy as they are able to force through using borrowed WETH to buy more NFTs before the liquidation occurs.
Furthermore, Zhou added that the hacker then used the Doodles NFT acquired with the initial loan as collateral to borrow more WETH. However, as Omni had failed to recognize this new position, the hacker could withdraw the NFTs without paying back the loan.
According to The Block, data from Etherscan shows the attacker has already laundered the funds via a coin mixing service for private transactions on Ethereum called Tornado Cash.
Subscribe now and get exclusive news, interviews and stories.
With blockchain, we will put an end to the monopoly of government-issued currencies, as suggested in the title of Hayek’s work – “Denationalization of Money.” Blockchain will simplify the set of concepts revolving around financial services and the complexity of the IT systems. With blockchain, we will have a cryptocurrency that is more stable and safer than any currency that has ever existed before it. This will bring about true “monetary and financial freedom.” (Read More)
– Kun Hu (CEO of Worldmoney)
Subscribe today and get the latest news, exclusive interviews and analyses.
Copyright © 2022 Blockchain News. All Rights Reserved.
We use cookies to improve your user experience and our services. By clicking “Accept” or continuing to use our site, you agree to the terms of our Privacy Policy.