NFT money market OMNI experienced a reentrancy attack on the beta version of its protocol. No real funds were stolen, as the attacker only stole 1,300 ETH in internal testing funds.
NFT protocol OMNI was hacked, losing 1,300 ETH. The stolen funds were valueless internal testing funds, and no users’ funds were affected. The incident took place on July 10.
OMNI was quick to point out that the protocol was still in the beta phase and that it was just the internal testing funds that were affected. The team has suspended the protocol and is currently investigating the cause of the attack. PeckShield later said that it seemed to be a reentrancy-related hack.
Crypto security firm BlockSec later elaborated on the hack, saying that the attack on the protocol was “due to the old-school reentrancy of onERC721Received.” It also later highlighted the vulnerabilities in the smart contracts, showing that the attacker used NFTs to borrow ETH. The borrowed ETH then became bad debt that did not have to be repaid.
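The failure mode BlockSec names, as a simplified Python model added here for illustration (it is not OMNI's contract code): a pool that invokes the receiver's transfer hook before updating its collateral accounting, next to a hardened variant that updates state first and rejects re-entry. The `Pool` class, the `LTV` value, the hook function and the exact call ordering are assumptions made for the example.

```python
# Simplified model of an NFT lending pool; all names and values are constructed.
class Reentrancy(Exception):
    pass

class Pool:
    LTV = 10  # constructed value: ETH borrowable per NFT of collateral

    def __init__(self, guarded):
        self.guarded = guarded   # True selects the hardened variant
        self.locked = False      # set while an NFT transfer is in flight
        self.collateral = {}     # account -> NFTs counted as collateral
        self.debt = {}           # account -> ETH owed

    def deposit(self, user):
        self.collateral[user] = self.collateral.get(user, 0) + 1

    def borrow(self, user, amount):
        if self.guarded and self.locked:
            raise Reentrancy("borrow called during NFT transfer")
        if self.debt.get(user, 0) + amount > self.collateral.get(user, 0) * self.LTV:
            raise ValueError("insufficient collateral")
        self.debt[user] = self.debt.get(user, 0) + amount

    def withdraw(self, user, hook):
        if self.debt.get(user, 0) > (self.collateral[user] - 1) * self.LTV:
            raise ValueError("withdrawal would leave debt unbacked")
        self.locked = True
        try:
            if self.guarded:
                self.collateral[user] -= 1   # effects before the external call
                return hook(self, user)
            result = hook(self, user)        # callback runs against stale state
            self.collateral[user] -= 1
            return result
        finally:
            self.locked = False

def reentrant_hook(pool, user):
    # Stands in for onERC721Received calling back into the pool mid-transfer.
    try:
        pool.borrow(user, Pool.LTV)
        return "borrowed"
    except (Reentrancy, ValueError):
        return "blocked"

def run(guarded):
    pool = Pool(guarded)
    pool.deposit("acct")
    outcome = pool.withdraw("acct", reentrant_hook)
    bad_debt = max(0, pool.debt.get("acct", 0) - pool.collateral["acct"] * Pool.LTV)
    return outcome, bad_debt
```

`run(False)` ends with debt that no collateral backs, while `run(True)` ends with none; the same invariant (debt never exceeds collateral value after any external call returns) is what a contract test suite or audit would assert.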
The team hasn’t yet published a thorough postmortem, which usually follows an incident of this kind. They are fortunate in that only internal testing funds were stolen. The DeFi and NFT space has been subject to several attacks, with bad actors making away with hundreds of millions of dollars.
OMNI is an NFT financialization protocol: an NFT money market offering lending and borrowing services. Users can lend NFTs and other ERC-20 tokens to earn interest on them. The assets can also be used as collateral for borrowing assets.
Attacks continue to plague the NFT space
The NFT space, while it has been slowing down in terms of sales, remains one of the most active sectors in the crypto market. This has made it a prime target for hackers, who look for exploitable flaws wherever they can and make away with the funds. Several such incidents have taken place this year alone.
NFT lending pool XCarnival lost nearly $4 million in an exploit, though the hacker accepted a 1,500 ETH bounty. The Bored Ape Yacht Club has also suffered multiple attacks — phishing attempts that targeted Discord and other social media platforms.
The most prominent hack in this space was that of the Ronin Bridge, which saw over $600 million stolen. Analysts believe that North Korean hackers were behind the incident. With the recent market crash, however, North Korea has seen its stolen crypto value dwindle to a much smaller sum.