NFT protocol OMNI experienced a hack where 1,300 ETH in internal testing funds stolen.
The attacker carried out a reentrancy attack.
The NFT space continues to be a prime target for bad actors.
No real funds were stolen, as the attacker only stole 1,300 ETH in internal testing funds.
The incident took place on July 10.
OMNI was quick to point out that the protocol was still in the beta phase and that it was just the internal testing funds that were affected. The team has suspended the protocol and is currently investigating the cause of the attack. PeckShield later said that it seemed to be a reentrancy-related hack.
Crypto security firm BlockSec later elaborated on the hack, saying that the attack on the protocol is “due to the old-school reentrancy of onERC721Received.” It also later highlighted the vulnerabilities in the smart contracts, showing that the attacker used NFTs to borrow ETH. The borrowed ETH was turned into bad debt that didn’t require paying.
The team hasn’t yet offered a thorough postmortem on the attack, which usually follows an attack. They are fortunate in that only internal testing funds were stolen. The DeFi and NFT space has been subject to several attacks, with bad actors making away with hundreds of millions of dollars.
OMNI is an NFT financialization protocol that is an NFT money market, offering lending and borrowing services. Users can lend NFTs and other ERC-20 tokens to earn interest on them. The assets can also be used as collateral for borrowing assets.