NFT PLATFORM OMNI WAS HACKED FOR 1.3K ETH, CEO CLAIMS IT WILL NOT AFFECT USERS AS PLATFORM IS STILL IN BETA TESTING!
According to PeckShield, the NFT platform Omni was hacked for 1,300 ETH (approximately $1.43 million) after the hacker exploited a reentrancy vulnerability in the firm’s protocol.
The NFT platform enables users to stake NFTs from popular collections such as Bored Ape Yacht Club to receive tokens such as ETH.
Although the hacker was able to steal more than 1,300 wETH ($1.4 million), the ERC20 tradable version of ETH, Omni stated that the theft had no impact on customers’ funds. Because the platform is still in beta testing, only internal testing funds were impacted, according to the company.
According to the NFT company, the protocol has been suspended pending a thorough investigation.
According to The Block, Solidity-coded projects are vulnerable to reentrancy, which enables hackers to force a smart contract to call an untrusted contract.
The hacker deposited NFTs from a collection called Doodles, which were used to borrow wETH.
Following the deposit and liquidation of the position, the attacker received the remaining Doodle NFT from the original collateral.
Zhou added that hackers frequently liquidate the loan position because the value of the NFT left as collateral before invoking the callback function is insufficient to cover the debt. To combat this, hackers typically rely on reentrancy, which allows them to force their way through using borrowed wETH to purchase more NFTs before the liquidation occurs.
Zhou also stated that the hacker used the Doodles NFT obtained with the initial loan as collateral to borrow more wETH. However, because Omni failed to recognize this new position, the hacker was able to withdraw the NFTs without repaying the loan.
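The ordering flaw described above, as an added Python model (not Omni's contract code and not from PeckShield or The Block): a pool that runs the NFT transfer callback before settling its books, next to a variant with a reentrancy lock and effects-before-interaction ordering. The `Pool` class, `simulate`, the price and loan-to-value figures, and the stale write-back are illustrative assumptions.

```python
# Toy lending pool (constructed model, not Omni's contract code).
class Pool:
    PRICE, LTV = 10, 0.5              # assumed NFT price in wETH and loan-to-value
    def __init__(self, guarded):
        self.guarded, self.locked = guarded, False
        self.collateral, self.debt, self.cash = {}, {}, 100
    def _enter(self):                 # reentrancy lock, enforced only when guarded
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True
    def deposit(self, user, n):
        self.collateral[user] = self.collateral.get(user, 0) + n
    def borrow(self, user, amount):
        self._enter()
        try:
            limit = self.collateral.get(user, 0) * self.PRICE * self.LTV
            if self.debt.get(user, 0) + amount > limit:
                raise ValueError("insufficient collateral")
            self.debt[user] = self.debt.get(user, 0) + amount
            self.cash -= amount
        finally:
            self.locked = False
    def withdraw(self, user, n, on_received):
        self._enter()
        try:
            debt = self.debt.get(user, 0)          # cached before the external call
            left = self.collateral.get(user, 0) - n
            if left < 0 or debt > left * self.PRICE * self.LTV:
                raise ValueError("withdrawal would leave debt uncovered")
            if self.guarded:
                self.collateral[user] = left       # effects first
                on_received()                      # interaction last
            else:
                on_received()                      # transfer hook runs caller-controlled code
                self.collateral[user] = left
                self.debt[user] = debt             # stale write-back drops debt taken in the hook
        finally:
            self.locked = False

def simulate(guarded):
    pool, blocked = Pool(guarded), False
    pool.deposit("user", 2)
    try:  # the hook borrows against collateral that is in the middle of being withdrawn
        pool.withdraw("user", 2, lambda: pool.borrow("user", 10))
    except RuntimeError:
        blocked = True             # on-chain, the whole transaction would revert here
    lent_out = 100 - pool.cash
    return lent_out - pool.debt.get("user", 0), blocked   # (unbacked wETH, blocked?)
```

A non-zero first value from `simulate` means the pool has lent wETH that no recorded debt covers, which is the invariant an auditor or monitoring job would check after any function that makes an external call.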
According to The Block, data from Etherscan shows the attacker has already laundered the funds via Tornado Cash, a coin mixing service for private transactions on Ethereum.